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We introduce a new hierarchy of higher-order nested pushdown trees generalising Alur et al.'s concept of 
nested pushdown trees. Nested pushdown trees are useful representations of control flows in the verification 
of programs with recursive calls of first-order functions. Higher-order nested pushdown trees are expansions 
of unfoldings of graphs generated by higher-order pushdown systems. Moreover, the class of nested pushdown 
trees of level n is uniformly first-order interpretable in the class of collapsible pushdown graphs of level n + 1. 
The relationship between the class of higher-order pushdown graphs and the class of collapsible higher-order 
pushdown graphs is not very well understood. We hope that the further study of the nested pushdown tree 
hierarchy leads to a better understanding of these two hierarchies. In this paper, we are concerned with the 
first-order model checking problem on higher-order nested pushdown trees. We show that the first-order 
model checking on the first two levels of this hierarchy is decidable. Moreover, we obtain an 2-EXPSPACE 
algorithm for the class of nested pushdown trees of level 1. The proof technique involves a pseudo-local 
analysis of strategies in the Ehrenfeucht-Fraisse games on two identical copies of a nested pushdown tree. 
Ordinary locality arguments in the spirit of Gaifman's lemma do not apply here because nested pushdown 
trees tend to have small diameters. We introduce the notion of relevant ancestors which provide a sufficient 
description of the FOj.-type of each element in a higher-order nested pushdown tree. The local analysis of 
these ancestors allows us to prove the existence of restricted winning strategies in the Ehrenfeucht-Fraisse 
game. These strategies are then used to create a first-order model checking algorithm. 

Categories and Subject Descriptors: F.1.1. [Computation by Abstract Devices]: Models of Computa- 
tion — Automata 

General Terms: Theory 

Additional Key Words and Phrases: higher-order pushdown graph, higher-order pushdown system, first- 
order logic, FO, decidability , pumping lemma, nested pushdown tree, Ehrenfeucht-Fraisse game, first-oder 
model checking 

1. INTRODUCTION 

During the last decade, different generalisations of pushdown systems have gained attention 
in the field of software verification and model checking. Knapik et al. 2002 showed that 
Higher-order pushdown systems, first defined by Maslov |1974l[TWB] . generate the same class 
of trees as safe higher-order recursion schemes. Safety is a syntactic condition concerning 
the order of the output compared to the order of the inputs of higher-order recursion 
schemes. A higher-order pushdown system is a pushdown system that uses a nested stack 
structure instead of an ordinary stack. This means that a level 2 pushdown system (2-PS) 
uses a stack of stacks, a level 3 pushdown system (3-PS) uses a stack of stacks of stacks, 
etc. Hague et al. |2008j defined the class of collapsible pushdown systems by adding a new 
stack operation called collapse. They proved that the trees generated by level I collapsible 
pushdown systems coincide with the trees generated by level I recursion schemes. The exact 
relationship between the higher-order pushdown hierarchy and the collapsible pushdown 
hierarchy remains an open problem. It is not known whether the trees generated by safe 
recursion schemes are a proper subclass of the trees generated by all recursion schemesQ 
Due to the correspondence of recursion schemes and pushdown trees, this question can be 



^This paper was mainly written while the author was a student at Technische Universitat Darmstadt and 
was funded by the DEC via the project "Strukturkonstruktionen und modelltheoretische Spiele in speziellen 
Strukturklassen" . 

^Recently, P. Parys |2011a) proved the uniform safety conjecture for level 2: there is a level 2 recursion 
scheme that is not generated by any level 2 safe scheme. 
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equivalently formulated as follows: is there some collapsible pushdown system that generates 
a tree which is not generated by any higher-order pushdown system? 

Also from a model theoretic perspective these hierarchies are interesting classes. The 
graphs generated by higher-order pushdown systems are exactly the graphs in the Caucal- 
hierarchy [Carayol and Wohrle 2003, . Thus, they are one of the largest known classes with 
decidable monadic second-order theories. In contrast, Broadbent |2010) recently showed 
that the first-order theories of graphs generated by level 3 collapsible pushdown systems 
are in general undecidable (level 2 collapsible pushdown graphs have undecidable monadic 
second-order theories but decidable first-order theories [Hague et al. 2008} IKartzow 2010) ). 
Thus, the collapse operation induces a drastic change with respect to classical decidability 
issues. 

Furthermore, collapsible pushdown graphs have decidable modal /i-calculus theories 
[Hague et al. 2008 . In fact, the class of collapsible pushdown graphs and the class of nested 
pushdown trees are the only known natural classes with decidable modal /i-calculus theories 
but undecidable monadic second-order theories. 

Further study of the higher-order pushdown hierarchy and the collapsible pushdown hier- 
archy is necessary for a better understanding of these results. It may also reveal an answer 
to the question whether safety implies a semantical restriction for recursion schemes. 

In this paper we introduce the hierarchy of higher-order nested pushdown trees. This is a 
new hierarchy between the hierarchy of higher-order pushdown trees and that of collapsible 
pushdown graphs. We hope that its study reveals more insights into the structure of these 
hierarchies. 

Nested pushdown trees were first introduced by Alur et al. |2006) . These are trees gen- 
erated by pushdown systems (of level 1) enriched by a new jump relation that connects 
each push operation with the corresponding pop operations. They introduced these trees 
in order to verify specifications concerning pre/postconditions on function calls/returns in 
recursive first-order programs. "Ordinary" pushdown trees offer suitable representations 
of control flows of recursive first-order functions. Since these trees have decidable monadic 
second-order theories [Muller and Schupp 1985| , one can use these representations fruitfully 
for veriflcation purposes. But monadic second-order logic does not provide the expressive 
power necessary for deflning the position before and after the call of a certain function 
in such a pushdown tree. Alur et al.'s new jump relation makes these pairs of positions 
deflnable by a quantifier-free formula. Unfortunately, this new relation turns the monadic 
second-order theories undecidable. But they showed that modal /x-calculus model checking 
is still decidable on the class of nested pushdown trees. Thus, nested pushdown trees form a 
suitable representation for control flows of flrst-order recursive programs for the veriflcation 
of modal /i-calculus definable properties of the control fiows including pre/postconditions 
on function calls/returns. 

Of course, the idea of making corresponding push and pop operations visible is not re- 
stricted to pushdown systems of level 1. We define a level n nested pushdown tree (ri-NPT) 
to be a tree generated by a level n pushdown system (without collapse!) expanded by a 
jump relation that connects every push of level n with the corresponding pop operations 
(of level n) . 

This new hierarchy contains by definition expansions of higher-order pushdown trees. 
Moreover, we show that the class of n-NPT is uniformly first-order interpretable in the 
class of level n+1 collapsible pushdown graphs. 

We then study first-order model checking on the first two levels of this new hierarchy. 
In particular, we provide a 2-EXPTIME alternating Turing machine deciding the model 
checking problem for the class of 1-NPT. We already proved the same complexity bound 
m [Kartzo w"2009] . Here, we reprove the statement with a different technical approach that 
generalises to the higher levels of the nested pushdown tree hierarchy. 
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Outline. Section [2] contains some basic definitions concerning first-order logic and higher- 
order pushdown systems. Moreover, we recall the basics of Ehrenfeucht-Fraisse games and 
explain how the analysis of strategies in these games can be used to derive first-order model 
checking algorithms on certain classes of structures. In Section |3l we then introduce the 
hierarchy of nested pushdown trees. We relate this hierarchy to the hierarchies of pushdown 
trees and of collapsible pushdown graphs. From that point on, we only focus on the first- 
order model checking problem for the first two levels of the nested pushdown tree hierarchy. 
In Section 13.11 we explain the rough picture how the ideas of Section 12.11 lead to a model 
checking algorithm for this class. We then give an outline of the Sections |3H7] which provide 
the details of the correctness proof for the model checking algorithm presented in Section 
[71 Finally, we give some concluding remarks and point to open problems in Section IS] 

2. PRELIMINARIES AND BASIC DEFINITIONS 

We denote first-order logic by FO. The quantifier rank of some formula ip e FO is the 
maximal number of nestings of existential and universal quantifiers in (p. We denote by FOp 
the set of first-order formulas of quantifier rank up to p and by =p equivalence of structures 
(with parameters) with respect to all FOp formulas. This means that for structures 21, *B 
and parameters a e 2t", b e 03", 21, a =p *B,6 if and only if for all p e FOp (with n free 
variables), 21 1= 1^9(0) *8 1= p(b) holds. 

The FO model checking problem on a class C asks for an algorithm that determines 
whether 21 1= on input (21,(^5) where 21 e C and (p 6 FO. In Section 12. 1[ we develop 
a translation from dynamic-small-witness strategies in Ehrenfeucht-Fraisse games to FO 
model checking algorithms on nice classes of structures. A dynamic-small-witness strategy 
in the Ehrenfeucht-Fraisse game allows Duplicator to answer any challenge of Spoiler by 
choosing some element with a short representation. In Section [2.2l we introduce higher-order 
pushdown systems. 

2.1. Ehrenfeucht-FraYsse Games and First-Order Model Checking 

The equivalence =p has a nice characterisation via Ehrenfeucht-Fraisse games. Based on the 
work of Frai'sse [1954] . Ehrenfeucht [1961 introduced these games which have become one 
of the most important tools for proving inexpressibility of properties in first-order logic. In 
this paper, we use a nonstandard application of Ehrenfeucht-Fraisse game analysis to the 
FO model checking problem: strategies of Duplicator that only choose elements with small 
representations can be turned into a model checking algorithm. After briefly recalling the 
basic definitions, we explain this approach to model checking in detail. In the main part of 
this paper, we will see that this approach yields an FO model checking algorithm on the 
class of nested pushdown trees of level 2. 

Definition 2.1. Let 2ti and 2I2 be cr-structures. For tuples 

= al,al,.. .,al^eA'^ and = af^al, . . . e A™ 

we write 1-^ for the map that maps aj to for all 1 < i < m. In the n-round 
Ehrenfeucht-Fraisse game on 2li, a}, 03, . . . , and 2I2, a^, a|, . . . , for € Aj there are 
two players. Spoiler and Duplicator, which play according to the following rules. The game 
is played for n rounds. The i-th round consists of the following steps. 

(1) Spoiler chooses one of the structures, i.e., he chooses j € {1,2}. 

(2) Then he chooses one of the elements of his structure, i.e., he chooses some a-'^_^^- e Aj. 

(3) Now, Duplicator chooses some a^^l^ e 

Having executed n rounds. Spoiler and Duplicator have chosen tuples 

-1.11 1 ^ tm+n „ 1 -2 . 2 2 2 ^ tm+n 

a := 01,02, . . . ,a„+„ 6 and o := o^, O2, . . . , o„+„ e ^3 • 
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Duplicator wins the play ii f : >->■ is a partial isomorphism, i.e., if / satisfies 

(1) a] = Oj if and only if a| = for all l<i<j<m + n, and 

(2) for each Ri e a of arity r the following holds: for ii, 12, . . . , v numbers between 1 and 
■m + n, 2ti, 1= RiXi-^xt^ ■ ■ . Xi^ if and only if 2I2, 1= RiXi^Xi^ ■ ■ - Xi^. 

Lemma 2.2 f jFRA'isSE 19541 IEhrenfeucht l"96l| l. Lei 2ti, 212 be structures and let 
6 21", 6 2t2 be n-tuples. Duplicator has a winning strategy in the p-round Ehrenfeucht- 
Frai'sse game on Qli,a^ and 2l2,a^ if and only ifQli,a} =p 2l2,a^. 

In this paper we apply the analysis of Ehrenfeucht-Frai'sse games to the FO model check- 
ing problem. We use a variant of the notion of i7-boundedness of Ferrante and Rackoff 
[1979 . The existence of certain restricted strategies in the game played on two identical 
copies of a structure yields an FO model checking algorithm. 

We consider the game played on two copies of the same structure, i.e., the game on 21, 
and 21, with identical choice of the initial parameter = e 21. Of course. Duplicator 
has a winning strategy in this setting: she can copy each move of Spoiler. But we look 
for winning strategies with certain constraints. In our application the constraint is that 
Duplicator is only allowed to choose elements that are represented by short runs of higher- 
order pushdown systems, but the idea can be formulated more generally. 

Definition 2.3. Let C be a class of structures. Assume that S'^{m) £ 21™ is a subset of 
the m-tuples of the structure 21 for each 2t e C and each m e N. Set S := {S'^{m))„i^f.i^<^^c- 
We call S a constraint for Duplicator's strategy and we say Duplicator has an S -preserving 
winning strategy if she has a strategy for each game played on two copies of 21 for some 
21 6 C with parameters, i.e., a game on 21, and 21, for n-tuples a} , with the following 
property. Let P be a position reached after m rounds where Duplicator used her 

strategy. If e S^{m + n) and Spoiler chooses some element in the first copy of 21, then 
her strategy chooses an element a^^^ such that ,a^^i e S^{m + n + 1). 

Remark 2.4. We write S{m) for S^{m) if 21 is clear from the context. 

We now want to turn an ^'-preserving strategy of Duplicator into a model checking 
algorithm. The idea is to restrict the search for witnesses of existential quantifications to 
the sets defined by S. In order to obtain a terminating algorithm, S must be finitary in the 
sense of the following definition. 

Definition 2.5. Given a class C of finitely represented structures, we call a constraint 
S for Duplicator's strategy finitary on C, if for each 21 e C we can compute a monotone 
function f% such that for all n e N 

— S'^{n) is finite, 

— there is a representation for each a € S'^{n) in space f%{n), and 

— a € S^{n) is effectively decidable. 

Recall the following fact: if Duplicator uses a winning strategy in the n round game, 
her choice in the (m + l)-st round is an element a^^j^ for appropriate i € {1,2} such that 
21, a^,alj^^i =n-m-i 2t, a^, cim+i- If Duplicator has an S'-preserving winning strategy, then for 
every formula (p{xi^ 0:2, ... , Xm+i) 6 FO„_m_i and for all a e A™ with a e S{m) the following 
holds: 

there is an element a e A such that a, a e S{m +1) and 21, a, a 1= (/? (1) 
iff there is an element a e A such that 21, a, a 1= (2) 
iff 21, a 1= Ba^m+iiyS- (3) 
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All implications except for ([2]) ^ (H} are trivial. This iniplication follows from the definition 
of an S'-preserving winning strategy applied to a game starting in position 21, a =n-m 2t, a. If 
Spoiler chooses any a' € 21 such that 21, a, a 1= if, then by definition of S'-preserving winning 
strategy, Duplicator may respond with some a € 21 such that a,a e S{m + 1) such that 

Let us fix some class C of finitely represented structures and let S be some finitary 
constraint on C such that Duplicator has an S'-preserving winning strategy. Iterated use 
of the equivalence of ([T]) and ([3]) shows that the alternating Turing machine described 
in Algorithm [T] solves the FO model checking problem on Cjj Note that for a universal 
quantifier ^xtp we actually apply the equivalence to the formula -'if. The running time of 
this algorithm on input (2t, ip) is /sid'/'l) 'Ivl a-nd it uses at most \ip\ many alternations where 
\(p\ denotes the length of the formula (p. 



SModelCheck 

Input: a structure 21 , a formula f e FOp, an assignment x i-^ a for tuples a;, a of arity 

m such that a e S{m) 
if if is a (possibly negated) atom then 
I if 2t,a 1= fix) then accept else reject; 
end 

if (p = (fii w ip2 then 

if SModelCheck (21, a, (^i) = accept then accept else 
I if SModelCheck(2t,a,v52)= accept then accept else reject; 

end 
end 

if tf = (fii A ip2 then 

if SModelCheck (2t, a, (^i) = accept then 
I if SModelCheck (21, a, (^2)= accept then accept else reject; 
end 

else reject; 
end 

if (p= 3x(pi{x,x) then 

I guess an a € 21 with a, a e S{m + 1) and SModelCheck (21, aa, ifii); 
end 

if ip = ^Xiifi then 

I universally choose an a € 21 with a,a e S{m + 1) and SModelCheck (21, aa, (fii); 
end 

Algorithm 1: FO-model checking on S-preserving structures 



2.2. Higher-Order Pushdown Systems 

In order to define what a level n nested pushdown tree is, we first have to introduce push- 
down systems of level n (n-PS). 

An n-PS can be seen as a finite automaton with access to an n-fold nested stack structure. 
This generalises the notion of a pushdown system by replacing a single stack with a structure 
that is a stack of stacks of stacks ... of stacks. A nested stack of level n can be manipulated 
by level I push and pop operations for each level I < n. For 2 < I < n, the level / push 



^Without loss of generality we assume first-order formulas to be generated from atomic and negated atomic 
formulas only by means of disjunction V, conjunction A, existential quantification 3 and universal quanti- 
fication V. 
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opc;ration clone; duplicates the topmost entry of the topmost level I stack. The level 1 push 
operation push^ writes the symbol a on top of the topmost level 1 stack. For 1 <l <n, the 
level I pop operation pop; removes the topmost entry of the topmost level I stack. 

For some alphabet S, we inductively define the set of level n stacks over S (n-stacks), 
denoted by S^" as follows. Let := denote the set of all nonempty finite words over 
alphabet S. We then define S^^"-"^) := + . 

Let us fix an (n + l)-stack s e xhis stack s consists of an ordered list 

si,S2, ■ ■ ■ ,Sm e E"^". If we want to state this list explicitly, we separate them by colons 
writing s = si : S2 ■ ■ ■ ■ ■ s„j. By |,s| we denote the number of n-stacks s consists of, i.e., 
\s\ = m. We call \s\ the width of s. We also use the notion of the height of s. This is 
hgt(s) := max{|sj| : 1 < i < m}, i.e., the width of the widest n-stack occurring in s. 



€ S+("+i) and 



4:. 



Let s and s' be (n + l)-stacks such that s = si : S2 s^^ 
s'l € We write s ■ s' for the concatenation si : S2 ■ ■ ■ ■ ■ '■ s'l ■ s'^ ■ ■ ■ • ■ s'l. 

If s e S'^^""^) , we denote by [s] the n-stack that only consists of a list of length 1 that 
contains .s. We regularly omit the brackets if no confusion arises. 

Let S be some finite alphabet with a distinguished bottom-of-stack symbol 1 6 S. The 
initial stack i; of level I over E is inductively defined by ii := [l] and i„ := 

Before we formally define the stack operations, we introduce an auxiliary function 
top;. that returns the topmost entry of the topmost A;-stack. Let s = si : S2 : • • • : s„ e S"^' 
be some stack and let 1 < k < I. We define the topmost level k - 1 stack of s to be 
I S77, if A/ — / « 



topfc(s) : 



topj,(s„) otherwise. 



Definition 2.6. For s = si: S2 
we define the stack operations 



: Sn e T,-^, for cr € E \ {i}, for 1 < A; < Z and for 2<j<l, 



clonej(s) := 
push^(s) := 

PoPfc(s) := 



Si: S2- ••• ■ Sn-i : s„ : s„ if j = l> 2, 

si : S2 '■ • • • '■ Sn-1 '■ clonej(s„) otherwise. 

sa if / = 1, 

Si : S2 : ••• : s„_i : push^(s„) otherwise. 

.51 : S2 : ••• : S„_i : popj,(s„) if fc < /, 

.Si : .S2 : ••• : S„-i if A; = Z,n > 1, 

undefined otherwise, i.e., A; ■ 



1. 



The set of level I operations is denoted by OP;. 



For 2 < / < n and cr € E, we call push^. a push of level 1 and clonej a push of level i. 

For stacks s,s' we write s < s' and say s is a substack of s' if s is generated from s' 
by application of a sequence of pop operations (of possibly different levels). Note that on 
1-stacks, i.e., on words, < coincides with the usual prefix relation. 

Having defined l-stacks, we present pushdown systems of level /. 

Definition 2.7. A pushdown system of level I {l-PS) is a tuple S = {Q,'E,A,qo) where 
Q is a finite set of states, E a finite stack alphabet with a distinguished bottom-of-stack 
symbol 1 eY,, e Q the initial state, and AcQxExQx OP; the transition relation. 

An I- configuration is a pair (g,s) where q^Q and s € E"^'. For qi,q2 & Q, s,t & E"^' and for 
^ = ill J J 12, op) e A, we define the 5-relation as follows. Set (qi,s) {q2,t) if op(s) = t 
and topi(s) = a. We call h:= {Js^a the transition relation of <S. 
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Definition 2.8. Let S be an Z-PS. A run p of 5 is a sequence of configurations that are 
connected by transitions, i.e., a sequence 

We also write p{i) ■= Ci for the i-th configuration occurring within p. We call n the length 
of p and set len(p) := n. If some run tt is an initial segment of the run p, we write tt < p. We 
write TT < p if TT is a proper initial segment of p. 
If TT and p are runs 

7r= Co h"'! Ci h''^ C2 h''^ -h''" c„ 

then we denote by tt o p the composition of tt and p which is the run from cq to c„+m defined 
by 

^ o p = Co Ci H*^ C2 - H*" C„ H^-^ C„+i H^^^ C„+2 H^'-^ - H*-" C„+™. 

3. THE NESTED PUSHDOWN TREE HIERARCHY 

Generalising the definition of nested pushdown trees (cf. [Alur et al. 2006| ). we define a 
hierarchy of higher-order nested pushdown trees. A nested pushdown tree is the unfolding 
of the configuration graph of a pushdown system expanded by a new relation (called jump 
relation) which connects each push operation with the corresponding pop operations. Since 
higher-order pushdown systems have push and pop operations for each stack level, there 
is no unique generalisation of this concept to trees generated by higher-order pushdown 
systems. We choose the following (simplest) version: we connect corresponding push and 
pop operations of the highest stack level. This choice ensures that the jump edges form a 
well-nested relation. We discuss possible other choices for the definition at the end of this 
section. 

Definition 3.1. Let J\f = ((3,S,(Zo-^) be an n-PS. The level n nested pushdown tree 
(n-NPT) NPT(A/') = {R,{'^^)s^A,^) is the unfolding of the pushdown graph of A/" from 
its initial configuration expanded by a new jump relation ^ which is formally defined as 
follows. 

— i? is the set of all runs of I\f that start in the initial configuration (go, -l-n) of AA, 

— I-'' contains a pair of runs (pi,P2) if P2 = Pi ° p' for some run p' of length 1 such that 
p' = pi(len(pi)) i-"^ c for some configuration c, and 

— is the binary relation such that pi ^ p2 if P2 decomposes as p2 = pi ° p for some run p 
of length m > 2 starting and ending in the same stack s such that 

p(0) and p{l) are connected by a level n push operation, 

p(m - 1) and p{m) are connected by a level n pop operation, and 

p{i) + {q, s) for all 1 < i < TO and all q e Q. 

We use I- as abbreviation for the union i— := U^ea '~ • 

Remark 3.2. Note that for aU p2 e NPT(A/') there is at most one pi 6 NPT(Ar) with 
Pi ^ P2, but for each pi € NPT(A/') there may be infinitely many p2 s NPT(A/') with 
Pi ^ P2- 

Example 3.3. Consider the 2-PS Af = (Q, S, go, A) with 

— Q = {qo,qi,q2}, 

— E = {i,a}, and 

— A = { ( go , 1 , gi , clone2 ) , ( 91 , i , gi , push^ ) , ( gi , a , qi , push^ ) , ( qi , a , (72 , pop2 ) } • 
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The 2-NPT N is the graph NPT(A/') depicted in Figure ESI 




Fig. 1. Example of a 2-NPT (edge labels are omitted) 



For each I < I' the class of nested pushdown trees of level I are uniformly first-order 
interpretable in the class of nested pushdown trees of level If / = 1, one just replaces any 
pushg. transition by a clone;/ transition followed by a push^ transition. Furthermore, one 
replaces each popj^ transition by a pop;/ transition. In all other cases, we just replace clone; 
and pop; by clone;' and pop;/. 

Comparison of Nested Pushdown Tree Hierarchy and Other Hierarchies. The hierarchy of 
higher-order nested pushdown trees is a hierarchy strictly extending the hierarchy of trees 
generated by higher-order pushdown systems (without e-contraction!) . Furthermore, it is 
first-order interpretable in the collapsible pushdown graph hierarchyO We now sketch the 
proof of this claim. Fix an Z-PS N . N generates an /-NPT 'Vl. Each node of 91 represents a 
run of M starting in the initial configuration. A run can be seen as a list of configurations. 
This is a list of pairs of states and stacks. Pushing the state on top of the stack, a run can 
be represented as a list of Z-stacks. Let si, S2, S3, . . . , s„ be the stacks representing some run. 
Then si : S2 • ' ' ' • s„ is an + l)-stack representing the run. In this representation, an edge 
in the Z-NPT corresponds to the extension of si : S2 ■ • • • ^ Sn to a list si : S2 : • • • : Sn ■ s„+i 
where s„+i is generated from s„ by removing the state written on top of s„, applying a 
stack operation and writing the new final state on top of the stack. Hence, we can use this 
representation and define a level + 1)-PS S such that the tree generated by M is first-order 
interpretable in the configuration graph of 5. We interpret each edge of NPT(A/') as a path of 
length 4 in the configuration graph of S. Such a path performs the operations clone„ - popj^ 
-op - pushg for some level / operation op. Replacing 5 by a certain collapsible pushdown 

system 5, we can generate the same graph but with additional collapse-transitions that 
form exactly the reversals of the jump edges of 91. This means that if a, 6 e 91 such that 
a ^ b, and a', b' are the representatives of a and b in the configuration graph of S, then there 
is a collapse edge from 6 to a. A detailed proof of this claim can be found in [Kartzow 2011j . 

Of course, these observations immediately lead to the following questions concerning 
the relationship between nested pushdown trees and collapsible pushdown graphs. In the 
following, we use the term interpretation for any kind of logical interpretation that allows 
to transfer properties definable in some fixed logic from one class to another. 

(1) Can level n nested pushdown trees be interpreted in the class of level n collapsible 
pushdown graphs? We have a weak conjecture that the answer to this question is no. 



*The hierarc hy of collapsible pushdown graphs is the class of configuration graphs of collapsible pushdown 
systems (cf. [Hague et al. 20 08 ). Collapsible pushdown systems of level I are defined analogously to Z-PS 
but with transitions that may also use a stack-operation called collapse. This new operation summarises 
several pop operations. 
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Since n-NPT contain the trees generated by n-PS, they seem to be on level 2.5 with 
respect to graph hierarchies: recall that the graphs of {n + 1)-PS are obtained from the 
graphs of n-PS using an unfolding followed by a monadic second order interpretation. 
The unfolding operation yields the class of trees of n-PS. In this sense, n-NPT expand 
level n + i of the pushdown graph hierarchy and we conjecture that even this class is 
not interpretable in collapsible pushdown graphs of level n. 
(2) Is there a meaningful notion of logical interpretation that allows to interpret the class 
of collapsible pushdown graphs of level n + 1 (or n) in the class level n nested pushdown 
trees? Note that we know that collapsible pushdown graphs of level 3 are not first-order 
interpretable in 2-NPT because the former do not enjoy decidable first-order theories 
while the latter do. Also note that collapsible pushdown graphs of level 1 arc just 
pushdown graphs and level 1-NPT expand the unfoldings of such graphs. As discussed 
in question (1), we expect that there is no interpretation of level 1 collapsible pushdown 
graphs in 1-NPT. Thus, we tend to expect that the answer to both questions is no, but 
further investigation is needed for clarification. 

Other possible definitions of n-NPT. For the definition of jump edges, one could consider 
push operations of every level / < n. Here the following possibilities seem to be plausible. 

(1) Only connect runs pi and p2 if P2 extends pi by a run p such that p starts with a push;- 
operation and ends with a pop; operation that removes the / - 1 stack created in thel 
first transition of p. This choice implies that not every push operation induces a jump 
edge along every path of the nested pushdown tree: if a push; operation is followed by a 
pop;/ operation for / < I' the stack that was created by the push is removed together with 
the higher level stack it is contained in. Thus, this generalisation lacks the nice property 
of 1-NPT that if a jump edges starts at some run p, then p has a jump successor in 
each branch starting at p. On the positive side we expect that this definition would 
still allow an interpretation of n-NPT in collapsible pushdown graphs of level n + 1 as 
described in the previous paragraph. 

(2) A jump edge starts in each branch whenever we perform a push operation of any level 
and it points to the first descendant along this branch where the newly created stack 
disappears for the first time. As opposed to the previous possibility, here we would have 
a jump edge from p to p i-P"^*^' c' i-P°P'' c if /' > /. This choice leads to fairly complicated 
structures. In the models discussed before, the indegree is always bounded by 2. In 
this version of nested pushdown trees the indegree is finite but unbounded because 
many push; operations may have the same corresponding pop;/ operation if /' > In 
particular, it seems to be difficult to find an interpretation of this version in the class 
of collapsible pushdown graphs. The given interpretation for the version that we chose 
relies heavily on the functionality of the inverse jump edges. 

Both possible extensions of our definition of n-NPT seem to make the structures more 
complicated. We do not know whether the techniques presented in this paper can be adapted 
to treat those structures as well. 

3.1. Towards Model Checking on Level 2 NPT 

In the following, we develop an FO model checking algorithm on 2-NPT. In fact, we prove 
that the general approach via the dynamic-small-witness property developed in Section 12.11 
is applicable in this case. In other words, we prove that we can compute a finitary constraint 
for Duplicator's strategy on an arbitrary 2-NPT D^. 

Fix some 2-PS N of level 2 and set 01 := NPT(A/') . We show the following. lim,p\= 3xip for 
some formula (p e FO , then there is a short witness p for this existential quantification. 
Here, the length of an element is given by the length of the run representing this element. 
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We consider a run to be short if its size is bounded in terms of the length of the runs 
representing the parameters p. 

We stress that locahty arguments in the spirit of Gaifman's theorem do not apply in this 
setting: the jump edges tend to make the diameter of 2-NPT small (recall that the 2-NPT 
in figure [3731 has diameter 4). 

The rough picture of our proof is as follows. We analyse the a-round Ehrenfeucht-Frai'sse 
game on two copies of 91 and show that Duplicator has a restricted winning-strategy. Our 
main technical tool is the concept of relevant ancestors. For each element of 91, the relevant 
/-ancestors are a finite set of initial subruns of this element. Intuitively, some run p' is a 
relevant Z- ancestor of a run p if it is an ancestor of p which may be connected to p via a 
path of length up to / that witnesses the fact that p' is an ancestor of p. It turns out that 
there are at most 4' such ancestors. Surprisingly, the set of 2'-ancestors characterises the 
FO;-type of p. Thus, Duplicator has a winning strategy choosing small runs if for every 
element of 9! there is a small one that has an isomorphic set of relevant ancestors. 

The analysis of relevant ancestors reveals that a relevant ancestor pi is connected to the 
next one, say p2, by either a single transition or by a run tt of a certain kind. This run tt 
satisfies the following conditions: p2 decomposes as p2 = Pi° tt, the initial stack of tt is s : w 
where s is some stack and w is some word. The final stack oi it is s ■ w v for some word v 
and TT does never pass a proper substack oi s:w. 

Due to this result, a typical set of relevant ancestors is of the form 

Pi< P2< Pz<--- < Pm = P, 

where Pn+i extends pn by either one transition or by a run that extends the last stack of p„ 
by a new word v. If we want to construct a short run p' with isomorphic relevant ancestor 
set, we have to provide short runs 

P'i< P'2< p':i<---< P'm = P 

where p'^-^^i extends p'^ in exactly the same manner as pn+i extends pn- 

We first concentrate on one step of this construction. Assume that pi ends in some 
configuration (g, s ■ w) and p2 extends pi by a run creating the stack s ■ w : v. How can we 
find another stack s' and words w',v' such that there is a short run p[ to {q,s' ■ w') and a 
short run p2 that extends p[ by a run from (q, s' : w') to the stack s' ■ w' ■ v'l 

We introduce a family of equivalence relations on words that preserves the existence of 
such runs. If we find some w' that is equivalent to w with respect to the «-th equivalence 
relation, then for each run from s ■ w to s ■ w ■ v there is a run from s' ■ w' to s' ■ w' ■ v' for 
V and v' equivalent with respect to the (i - l)-st equivalence relation. 

Let us explain these equivalence relations. Let pi be a run to some stack s ■ w and let p2 
be a run that extends pi and ends in a stack s ■ w ■ v. We can prove that this extension is of 
the form op„ o A„ o op.^_i o A„_i o • • • o opj^ o Ai where the Xi are loops, i.e., runs that start and 
end with the same stack and op„, op„_]^, . . . , opj^ is the minimal sequence generating s : w ■ v 
from s ■ w. Thus, we are especially interested in the loops of each prefix popi{w) of w and 
each prefix popi{w') of w' . For this purpose we consider the word models of w and w' 
enriched by information on runs between certain prefixes of w or w' . Especially, each prefix 
is annotated with the number of possible loops of each prefix, w and w' are equivalent with 
respect to the first equivalence relation if the FOfe-types of their enriched word structures 
coincide. The higher-order equivalence relations are then defined as follows. We colour every 
element of the word model of some word w by the equivalence class of the corresponding 
prefix with respect to the (i - l)-st equivalence relation. For the i-th equivalence relation 
we compare the FOfc-types of these coloured word models. This means that two words w 
and w' are equivalent with respect to the i-th equivalence relation if the FOfc-types of their 
word models expanded by predicates encoding the {i - l)-st equivalence class of each prefix 
coincide. 
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This iteration of equivalence of prefixes leads to the following result. Let w and w' be 
equivalent with respect to the i-th relation. Then we can transfer runs creating i words in 
the following sense: if p is a run creating w ■ vi : V2 Vi from w, then there is a run p' 
creating w' ■ v[ ■ V2 v[ from w' such that Vk and are equivalent with respect to the 
(i - fc)-th relation. This property then allows us to construct isomorphic relevant ancestors 
for a given set of relevant ancestors of some run p. We only have to start with a stack s' : w' 
such that w' is z-equivalent to the topmost word of the minimal element of the relevant 
ancestors of p for some large z e N. 

This observation reduces the problem of constructing runs with isomorphic relevant an- 
cestors to the problem of finding runs whose last configurations have equivalent topmost 
words (with respect to the i-th equivalence relation for some sufficiently large i) such that 
one of these runs is always short. 

We solve this problem by developing shrinking constructions that allow the preservation of 
the equivalence class of the topmost word of the final configuration of a run while shrinking 
the length of the run. 

Putting all these results together, for every nested pushdown tree of level 2, we can 
compute a finitary constraint S such that Duplicator has an S'-preserving strategy. This 
shows that the general model checking algorithm from Section [53] solves the the FO model 
checking problem on 2-NPT. 

3.2. Outline of the Proof Details 

In the next section, we discuss the theory of loops first developed in [Kartzow 2010] . We also 
develop shrinking lemmas for long runs. Then we introduce the central notion of relevant 
ancestors and develop some basic theory concerning these sets in Section [5] In Section [5.21 
we define equivalence relations on words and trees which can be used to construct runs 
with isomorphic relevant ancestors. In Section [6l we first lift these equivalences on stacks 
to equivalences on tuples of elements of 2-NPT by pairwise comparison of the equivalence 
type of the topmost stacks of each relevant ancestor of each element in the tuples. We 
then prove that the preservation of equivalence classes of relevant ancestors is a winning 
strategy in the Ehrenfeucht-Fraisse game. Furthermore, Duplicator can always choose small 
representatives. Finally, in Section[7]we derive an FO model checking algorithm on 2-NPT. 
In that section we also show that this algorithm restricted to the class of all 1-NPT is in 
2-EXPSPACE. Unfortunately, we do not obtain any complexity bounds for the algorithm 
on the class of 2-NPT. 

4. SHRINKING LEMMAS FOR RUNS OF 2-PS 

In this section, we analyse runs of 2-PS between certain configurations. Especially, we look 
at runs starting at the initial configuration and at runs extending its starting stack s by 
some word w € E^, i.e., runs starting in s and ending in s : w that do not visit substacks 
of s. If there is a run p of one of these types, we will see that there is also a short run p' 
with the same initial and final configuration as p. "short" means that len(p') is bounded by 
some function depending on the pushdown system, on the width and height of s and on the 
length of w. We first developed this theory in [Kartzow 2010| . We briefly recall this theory 
and sketch the main proofs. For a detailed presentation, see [Kartzow 2011] . 

We first introduce the concept of milestones and generalised milestones of a 2-stack s. 
A stack i is a generalised milestone of s if every run of every 2-PS that leads from the 
initial configuration to s has to pass t. Milestones are those generalised milestones that are 
substacks of s. Generalised milestones of s induce a natural decomposition of any run from 
the initial configuration to some configuration with stack s. Due to a result of Carayol (that 
we state soon), generalised milestones can be characterised as follows. 
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Definition 4.1. Let s = wi ■ W2 Wk be a 2-stack. We define the set of generalised 

milestones of s, denoted by GMS(s), as follows. A stack m is in GMS(s) if 

m = wi ■ W2 Wi : Vi+i where < i < fc, 
Wi n Wi+i < Vi+i and 
Vi+i < Wi or Vi+i < Wi+i. 

where w denotes the maximal common prefix of w and v. If Ui+i < w^+i, we call m a 
milestone of s. The set of milestones of s is denoted by MS(s). 

Remark 4.2. Note that |GMS(s)| < 2 • hgt(s) • \s\. 

In order to show that this definition fits our informal description, we define the notions 
of loops and returns. Loops appear as a central notion in our formulation of Carayol's 
result. Moreover, the theory of loops and returns is also the key ingredient to our shrinking 
constructions. We will generate short runs from longer ones by replacing long loops by 
shorter ones. 

Definition 4.3. Let s = t : w he some stack with topmost word w and q, q' e Q. A run A 
from (q, s) to {q' , s) is called loop if it does not pass t. It is called a high loop if it additionally 
does not pass pop]^(s). A run p from {q,t : w) to {q' ,t) is called return if it visits t only in 
its final configuration. 

The following lemma of Carayol shows that generalised milestones and loops play a crucial 
role in understanding the existence of runs. 

Lemma 4.4 f jCARAYOL 200"5l| l. For each stack s there is a minimal sequence of oper- 
ations opi,op2, . . . ,op„ e {pushg.,popi,clone2} such that s = op„(op„_j(. . . (opj(i2)) .•■)). 

For each < j < n, the stack opj(opj_]^(. . .opQ(i2))) is a generalised milestone of s and 
every generalised milestone is generated by such a sequence. 

Furthermore, every run p from ((70,-1-2) to s passes all generalised milestones of s. More 
precisely, p decomposes as p = Ai o o A2 op2 ° ■•■ ° A„ op„ o A„+i, where pi is a run of length 
1 that performs the operation opj and Xi is a loop of the i-th generalised milestone of s. 

Thus, loops play a crucial role in understanding the existence of runs from one configur- 
ation to another. Moreover, returns and loops of smaller stacks provide a natural decom- 
position of loops. Hence, counting the number of loops and returns of certain stacks can be 
used in order to count the number of runs between certain configurations. We define the 
following notation concerning counting loops and returns up to some threshold fc e n13 

Definition 4.5. Let S = (Q, E, qi, A) be a 2-PS. Let #Ret5(s) : Q x Q ^ {0, 1, . . . , fc} be 
the function that assigns {q,q') to the number of returns from {q,s) to (9',pop2(s)) up to 
threshold fc. Analogously, let #Loop5(s) and #IILoop5(s) count the loops and high loops, 
respectively, from {q,s) to {q',s) up to threshold fc. 

If S is clear from the context, we omit it and write ^^Loop for ^^Loopg, etc. 

Remark 4.6. Note that loops and returns of some stack s ■ w never look into s. Hence, 
#Loop''(s : w) = #Loop''(t : w) for every word w and arbitrary stacks s and t. If s and t 
are both nonempty stacks, the analogous statement holds for =i^Ret'^. Thus, we will write 
#Loop*'(w) for #Loop'^(s : w) where s is an arbitrary stack. Analogously ^Rct''{w) := 
#:Ret (s : w) for any nonempty stack s. 



^Counting the size of a set up to some threshold fc e N means that we assign the value fc to the set if it 
contains at least k elements, i.e., fc stands for "fc or more". 
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The numbers of loops and of returns of some stack s inductively depend on the number 
of loops and returns of its substacks. In preparation for the proof of this observation we 
recall the notion of stack replacement introduced in [Blumensath 2008] . 

Definition 4.7. For some level 2 stack t and some substack s <t we say that s is a prefix 
of t and write s<t, if there are n < m e N such that s = wi ■ W2 '■ •■• '■ Wn-i '■ Wn and 
t = uui : W2 ■ ■ ■ '■ Wn-i '■ Vn ■ such that Wn < Vj for all n < j < m. This means that 

s and t agree on the first |s| - 1 words and the last word of s is a prefix of all other words 
of t. We extend this definition to runs by writing s< p ii p is some run and s < ti for ti the 
stack at p{i) and for all i e dom(p). 

Let s,t,u be 2-stacks such that s<t. Assume that 

S = Wi ■■ W2 ■ ■■■ ■ Wn-l ■ Wn, 

t = Wi-W2---- Wn-l ■ Vn ■ ■ ■ ■ ■ ■ v„i, and 
u = Xi : X2 Xp 

for numbers n,m,p € N with n < m. For n < i < m, let Vi be the unique word such that 

Vi = Wn ° Vi. Set 

t[s/u] ■■= Xi ■■ X2 ■■ ■ ■ ■ ■■ Xp-i ■■ (XpOVn) : {XpOijn+i) : •■• : (XpOVm) 

and call t[s/u] the stack obtained from t by replacing the prefix s by u. For c = {q,t) a 
configuration, set c[s/u\ := {q,t[s/u\). 

Lemma 4.8 f |BLUMENSATH 2008] V Let p be a run of some 2-PS S. Let s,u e 1]+^ 
be stacks such that s<p and topi{u) = topi{s). Then the function p[s/u] defined by 
p[s/u]{i) •■= p{i)[s/u] is a run ofS. 

We extend the notion of prefix replacement to runs that are s-prefixed at the beginning 
and at the end and that never visit the substack pop2(s). Such a run may contain "holes", 
i.e., parts that are not prefixed by s. We show that these holes are always loops or returns. 
Thus, we can replace a prefix by another one if these two share the same types of loops and 
returns. The following lemma prepares this new kind of prefix replacement. 

Lemma 4.9. Let Af be some 2-PS and let p be a run of Af of length n. Let s be a stack 
with topmost word w := top2(s) such that 

s < p(0) , s < p{n) , and \s\ < \p{i) \ for all < i < n. 

There is a unique sequence = io < jo < ii < ji < ■ ■ ■ < im-i ^ jm-i < im ^ jm = n such that 

(1) s< p\^ii^ jf,^ for all Q < k < m and 

{2) top2(p(jfe + 1)) = popi(w), is either a loop or a return, and p\[j^^i^^^] does 

not visit the stack of p{jk ) between its initial configuration and its final configuration 
for all < k < m. 

Proof. If s < p, then we set m := and we are done. 

Otherwise, we proceed by induction on the length of p. There is a minimal position Jq + 1 
such that s^p(jo + !)• By assumption on s, p{jo + 1) * pop2(s)- Thus, top2(p(jo)) = w and 
top2(/c(jo + 1)) = pop]^(i(;). Now, let ii > jo be minimal such that s<p{ii). Concerning the 
stack at ii there are the following possibilities. 

(1) If p{ii) = pop2(p(jo)) then pI[joAi] is a return. 

(2) Otherwise, the stacks of p{jo) and p{ii) coincide whence pl"[jo,ii] is a loop (note that 
between jo and ii the stack pop2(p(jo)) is never visited because ii is minimal, we are 
not in the first case, and by assumption \s\ < \p{ii))- 
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pt[ii,n] is shorter than p. Thus, it decomposes by induction hypothesis and the lemma 
follows immediately. □ 

This lemma gives rise to the following extension of the prefix replacement for prefixes s, u 
where s and u share similar loops and returns. 

Definition 4.10. Let s be some stack and p be a run of some 2-PS Af such that 
s<p(0), s<p{\cn{p)) and \s\ < \p{i)\ for all i e dom{p). Let u be some stack such that 
topj(u) = topi(s), #Loop^(u) = #Loop^(s) and #Rct^(u) = #Ret^(s). 

Let = io < jo < ii < ji < ■■■ < im-i ^ jm-i < im ^ jm = len(p) be the sequence 
corresponding to p in the sense of the previous lemma. We set {qk^Sk) '■= p{jk) and 
{q'kis'k) '■= p{ik+i)- By definition, p\[.j^.i^^i] is a loop or a return from {qk, Sk) to (g^, sj,.) and 
top2(sA;) = top2(s) and s<Sfc. Thus, top2(sfe[s/7i]) = top2(M). Since #Ret^(ii) = #Ret^(s) 
and #Loop^(m) = #Loop^(s), there is a run from {qk,Sk[slu\) to (9^+1, s^^]^[s/u]). We set 
Pk to be the length-lexicographically shortest run from (qfc, Sfc[s/u]) to (g^+i, s^.+i[s/u])0 

Then we define the run /9[s/u] by 

Remark 4.11. Note that p^sju] is a well-defined run from p(0)[s/u] to p(len(p)) [s/u]. 

Next, we turn to the analysis of loops and returns. In this part, we show that for each 2-PS 
there is a function relating the height of the topmost word of a stack with a bound on the 
length of the shortest loops and returns of this stack. 

First, we characterise loops and returns in terms of loops and returns of smaller stacks. 
The proof is completely analogous to the proof of Lemma 14.91 Every loop or return of some 
stack s decomposes into parts that are prefixed by s and parts that are returns or loops 
of stacks with topmost word pop]^(top2(s)). This observation gives rise to the observation 
that the numbers of loops and of returns of a stack s only depend on its topmost symbol 
and the number of loops and returns of pop]^(s). 

Lemma 4.12. Let p be some return from some stack s ■ w to s of length n. Then there 
is a unique sequence = io < jo < ii < ji < ■ ■ ■ < im-i ^ jm-i < "i-rn ^ jm = n such that the 
following holds. 

(1) s •■ w < p\^ij^ jj^^ for all < k < m and 

(2) pt[jk+i,ik+i] 0. return from some stack s' :pop]^(w) to s' . 

Let X be some loop of length n starting and ending in some stack s ■ w. Then there is a 
unique sequence = io < jo < ii < ji < • ■ ■ < im-i ^ jm-i < im ^ jm = n such that the following 
holds. 

(1) s : w for all Q < k < m and 

(2) A ['[jj.+i is either a return starting in some stack s' : pop]^(?i;) or it is a loop of 
popj^(s : w) followed by a pushj^p^^-^') transition. In this case \{jk + 1) is the first and 
A(jfc+i - 1) is the last occurrence of s : pop]^(it;) in A. 

Remark 4.13. Note that property (2) of the characterisation of returns implies that 
P^[ik,ik+i] is a return from some stack s' : w to s' . Similarly, property (2) of the charac- 
terisation of loops implies that A|~[j^ ij,^^ is a return from some stack s' : w to s' or a loop 
of s containing all occurrences of pop]^(s) in the run A. In particular, there is at most one 
A: such that is a loop. 



'We assume A to be equipped with some fixed but arbitrary linear order. 
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This lemma gives rise to the inductive computation of the number of loops and returns of 
a stack. 

Proposition 4.14. Given a 2-PS S, #Loop''(w) and #Ret'''(w) only de- 
pend on toTpi{w), pop]^(top2(u')), #Loop'^(pop]^(w)), and #Ret'^(pop]^(w)). Moreover, 
^HLoop (w) only depends on top i{w) and ^Ket {popi{w)) . 

Proof sketch. We only consider the return case and prove the following claim. Let 
s : w and s' : w' be stacks such that s and s' are nonempty, topi(w) = topi{w'), and 
#Ret (popi{w)) = #Ret (popi(u;')). We have to show that the number of returns oi s : w 
and of s' : w' coincide, i.e., #Ret''{w) = #Ret''(w'). 

For reasons of simplicity, we assume that R{q,q') := #Ret'''(pop;^(ti;))(g,q') < k for 
each q,q' € Q and we fix an enumeration p^'*^ , p^'^ ^ . . . , p^^^^ of the returns from 

{q, s : pop2(t«)) to {q' , s). Similarly, let pf^ , , • • • , p'j^q qi) be an enumeration of the re- 
turns from (g, s' : pop]^(w')) to {q',s'). 

For each return from (gi, s : w) to ((72, s) we construct a return from (qi, s' : w') to (52, s') 
as follows. Let p be such a return and let = io < jo < ii < ji < ■ ■ ■ < im-i ^ jm-i < im^ jm be 
the unique sequence according to Lemma [4. 121 Now, pk '■= ptii^.j^] is prefixed by s : w and 
ends in topmost word w. Hence, there is a run pk '■= Pk[s w/s' : w'] ending in topmost word 
w' . Furthermore, TTfc := pt[jf..ik+i] ^ PoPi transition followed by a return ak- Since ak starts 

with topmost word pop2(ti;), it is equivalent to some p^''' in the sense that it performs the 

same transitions as p^'* . Now let ak be the return that copies the transitions of /5^'* and 
starts in {q,popi{pk)). Since top]^(w) = topi(w') we can define a run -kk that starts in the 
final configuration of pk performs the same first transition as tt/c and then agrees with ak- 

It is straightforward to prove that p := po o -kq o pi o ■ ■ ■ o pm-i ° TTm-i ° Pm is a return 
from (<7i,s' : w') to {q2,s'). Furthermore, this construction transforms distinct returns from 
{qi,s : w) to {q2,s) into distinct returns from {qi,s' : w') to {q2,s'). Hence, there are at 
least as many returns from {qi,s' : w') to {q2,s') as from {qi,s : w) to {q2,s). 

Reversing the roles of s : w; and s' : w' we obtain the reverse result and we conclude that 

#Ret'=(w)(gi,(72) = #Ret'=(u.')(gi,(Z2). □ 

Proposition 4.15. There is an algorithm that, on input some 2-PS S and a natural 
number k, computes a function LLf : N ^ N with the following properties. 

[1 ) For all stacks s, all qi,q2 & Q and for i := #Loop'^(s)((7i, (72), the length-lexicographically 
shortest loops \i,...,Xi from (gi,s) to ((72, s) satisfy len(Aj) < LLf (|top2(s)|) for all 
l<j<i. 

(2) If there is a loop A from {qi,s) to ((?2,s) with len(A) > LLf (|top2(s)|), then there are 
k loops from {qi,s) to (92,pop2(s)) of length at mosi LL^, (|top2(s)|) . 

Analogously, there are functions RLf : N ^ N and HLLf : N N computable from S ) 
that satisfy the same assertions for the set of returns and high loops, respectively. 

Proof sketch. Again, we only sketch the proof for the case of returns. 

The previous proof showed that for stacks s : w and s' : w' with top]^(?x') = top]^(w') and 
#Ret (w) = #Ret (w') the returns ot s : w and of s' : w' are closely connected via the 
replacement [s : w/s' ■ w'\ A return from s -w to s decomposes into parts prefixed hy s -w 
and parts that are returns of stacks with topmost word popj^(i(;). It is a straightforward 
observation that the k shortest returns from s : w to s only contain returns from stacks with 
topmost word popi{w) among the k shortest of such returns. Furthermore, the decompos- 
ition of returns of s : it; and s' ■ w' agree on their s ■ w-prefixed and s' ■ w'-prefixed parts 
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in the sense that they perform the same transitions. Now, let R{qi,q2) '■= #Ret'^(u')(gi, 92) 
and let pi, p2, ■ ■ ■ , PR^q-^^q^) ^'^ ^^'^ R{qit<12) shortest returns from {qi,s : w) to (52, s)- Let 
m(pi) denote the number of positions in pi that are s : w prefixed and let n{pi) denote the 
number of returns from stacks with topmost word pop]^(w) occurring in pi. Let m be the 
maximum over all m(pi) and n the maximum over all n{pi). Analogously to the proof of the 
previous proposition, we can construct #Ret {w'){qi,q2) many returns from (qi,s' : w') 
to {q2,s') that have at most m positions that are s' ■ w' prefixed and that contain at most 
n many returns of stacks with topmost word pop]^(w'). Thus, if we have already defined 
RLf (|popi(ix;')|), then the shortest #Ret (w')(gi,(72) many returns from {qi,s' : w') to 
((72, s') have length at most m + n ■ RLf (|pop;i(it;')|). 

Due to the previous lemma, we can compute a maximal finite sequence of words 
wi, W2, • • ■ , Wfc such that for each pair Wi^wj, topi{'Wi) + iOY>i{'Wj) or #Ret*^(t(;i) + 
#Ret*=(wj). 

Repeating this construction for each of these words, we obtain numbers rui and rii for 
each 1 < i < fc. Set m,„ax ■= maxjmi : 1 < i < fc} and /imax •= maxjrii : \ < i < k). Since for 
any word w there is some i < k such that top]^(w) = topj^(u;i) and #Ret {w) = #Ret {wi) 
the shortest ^Ret''(w)((7i, 52) many returns from (qi, s' : w) to (92, s') have length at most 

nii + 7ii ■ RLf (|popi(ti;')|) < m,„ax + "-max ■ RLf (|popi(w')|). 

Thus, setting RLf (0) := and KLf {n + 1) := rrimax + JT-max • R-Lf (n) settles the claim. □ 

Remark 4.16. Note that we do not know any bound on m,„ax and Umax in terms of \S\. 

We conclude this section with two corollaries that allow us to shrink runs between certain 
configurations. These corollaries are important in the proof that 2-NPT have the dynamic- 
small-witness property. 

Corollary 4.17. Let S be some level 2 pushdown system. Furthermore, let {q,s) be 
some configuration and pi, . . . be pairwise distinct runs from the initial configuration to 
{q, s). There is a run pi from the initial configuration to {q, s) such that the following holds. 

(1) pi + Pi for 2 <i <n and 

(2) len(/5i) < 2 • |s| •hgt(s)(l + LLf (hgt(s))). 

Proof. If len(p i) < 2 • |s| ■ hgt (3)( l + LLf (hgt(s))), set pi ■■= pi and we are done. 
Otherwise, Remark l4.2l and Lemma [44l implies that pi decomposes as 

pi = Ao o opi o Ai o ■ • ■ o A„i_i o op„^ o A,„ 

where every A^ is a loop, every opj is a run of length 1, and to < 2 ■ |s| • hgt(s). Proposition 
14.151 implies the following: If len(Ai) > LLf (hgt(s))), then there are n loops from Ai(0) to 
Ai(len(Ai)) of length at most LL^(hgt(s))). At least one of these can be plugged into the 
position of Xi such that the resulting run does not coincide with any of the p2, pa, . . ■ , Pn- 
In other words, there is some loop A^ of length at most LL!^(hgt(s))) such that 

pi := Ao o o Ai o • • • o op. o A- o op,+i o Ai+i o • • • o A„_i o op„ o A„i 

is a run to {q,s) distinct from P2, Pi, ■ ■ ■ , Pn and shorter than pi. Iterated replacement of 
large loops results in a run p'^ with the desired properties. □ 

We state a second corollary that is quite similar to the previous one but deals with runs 
of a different form. These runs become important in Section |6l 

Corollary 4.18. Let pi,p2,...p„ be runs from the initial configuration to some con- 
figuration {q,s). Furthermore, let w be some word and pi,P2,---Pn be runs from {q,s) to 
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{q' , s : w) that do not visit proper substacks of s. If pi ° pi, P2 ° P2, ■ ■ ■ , Pn ° Pn o,re pairwise 
distinct, then there is a run p[ from {q,s) to {q',s ■ w) that satisfies the following. 

(1) p[does not visit a proper substack of s, 

(2) len{p[) < 2 • hgt(s : • (1 + LLf (hgt(s : w))), and 
(5) p\° p'l is distinct from each pi o pi for 2 <i <n. 

Proof. It is straightforward to see that pi decomposes as 

Pi = Ao o opi o Ai o • • • o A„j_i o op^^ o Am 

where every A, is a loop and every op^ is a run of length 1 such that m < 2 ■hgt(s : w). Now 
apply the construction from the previous proof again. □ 

5. RELEVANT ANCESTORS 

This section aims at identifying those ancestors of a run p in a 2-NPT OT that characterise 

its FOfc-typc. Wc show that only finitely many ancestors of a certain kind already fix the 
FOfe-typc of p. Wc call these finitely many ancestors the relevant 2'' -ancestors of p. 

5.1. Definition and Basic Observations 

Before we formally define relevant ancestors, we introduce some sloppy notation concerning 
runs. We apply functions defined on stacks to configurations. For example if c = {q,s) we 
write |c| for |s| and pop2(c) for pop2(s). We further abuse this notation by application of 
functions defined on stacks to runs, meaning that we apply the function to the last stack oc- 
curring in a run. For instance, we write top2(p) for top2(s) and \p\ for |.s| if p{\cn{p)) = {q, s) . 
In the same sense one has to understand equations like p{i) = pop]^(,s). This equation says 
that p{i) = (g, popj^(s)) for some q e Q. Keep in mind that \p\ denotes the width of the last 
stack of p and not its length len(p). Also recall that we write p < p' if the run p is an initial 
segment of the run p'. 

Definition 5.1. Let 01 be some n-NPT. Define the relation r*£ 01 x 01 by 

p (* p' ii p< p' , \p\ = \p'\ - 1, and |7r| > \p\ for all p < tt < p' . 

Wc define the sot of relevant I -ancestors of p by induction on I. The set of relevant 0-ancestors 
of p is RAo(p) := {p}. Set 

RAi+i(/9) := RAj(p) u {tt 6 or : 37r' 6 Rki{p) tth tt' or tt tt' or tt r* tt'} . 

n 

For p= {pi,p2,...,Pn), we write RA;(p) := U RA;(pj). 

i=l 

Remark 5.2. For 1-NPT, the relation r* can be characterised as follows: for runs p,p', 
we have p r* p' if and only if p' = p o tt for a run tt starting at some Wp and ending in Wpa, 
the first operation of tt is a push^j and tt visits Wp only in its initial configuration. 

For 2-NPT, there is a similar characterisation: wc have p p' if and only if p' = p o tt for 
some run tt starting at some stack Sp and ending in some stack Sp : w, the first operation of 
TT is a clone and tt visits Sp only in its initial configuration. 

The motivation for the definition is the following. If there are elements p,p' € 01 such 
that p' < p and there is a path in Ot of length at most / that witnesses that p' is an 
ancestor of p, then wc want that p' e RA;(p). The relation is tailored towards this idea. 
Assume that there are runs pi < p2 h"^ p^ with 5 performing some pop„ operation such that 
P2 Pi*^ Pi - This path of length 2 witnesses that pi is an ancestor of p2. By definition, one 
sees immediately that pi p2 whence pi e RAi(p2). In this sense, relates the ancestor 
pi with p2 if the distance between pi and p2 in OT may be small because of a descendant of 
P2 that is a jump edge successor of pi. 
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In the following, it may be helpful to think of a relevant ^-ancestor p' of a run p as an 
ancestor of p that may have a path of length up to I witnessing that p' is an ancestor of p. 

From the definitions, we obtain immediately the following lemmas. 

Lemma 5.3. For each run p' there is at most one run p such that p p' . p is the 
maximal ancestor of p' satisfying p' = pop„(p). 

Lemma 5.4. Let p and p' he runs such that p ^ p' . Let p be the predecessor of p' , i.e., p 

is the unique element such that p \- p' . Then p p. 

Lemma 5.5. If p, p' e ^ such that p \- p' or p ^ p' , then p e RAi{p') . 

Lemma 5.6. For all I eN and p e *Jt, |RA((p)| < 4' and RA((p) is linearly ordered by <. 

We now investigate the structure of relevant ancestors and the possible intersections of 
relevant ancestors of different runs. First, we characterise the minimal element of RA;(p). 

Lemma 5.7. Let he a n-NPT. Let pi e RA;(/9) he minimal with respect to <. Then 

either \pi\ = l and \p\ < I 

or pi = popjj(p) and \pi\ < \p'\ for all p' e RAi{p) \ {pi}. 

Remark 5.8. Recall that \p\ < I implies that pop''^{p) is undefined. 

Proof. The proof is by induction on I. For I = 0, there is nothing to show because 
Po = p = pop° (p). Now assume that the statement is true for some I. 

(1) Consider the case \p\ < l + l. Then pi satisfies \pi\ = 1. If pi has no predecessor it is also the 
minimal element of RA;+i(/3) and we are done. Otherwise, there is a maximal ancestor 
p < Pi such that IpI = 1. Since p ^- pi or p ^ pi, p e KAi+i{p) \ KAi{p). Furthermore, no 
ancestor of p can be contained in RAi+i{p). Heading for a contradiction, assume that 
there is some element p< p such that p e RA(+i(p). Then there is some p' e RA;(p) with 
p< p< p' such that p ^ p' OT p c" p' ■ But this leads to the contradiction 1 < \p'\ < \p\ = 1. 
Thus, the minimal element of RA(+i(/7) is pui = p. 

(2) Now assume that \p\> l + l. Let p be the maximal ancestor of pi such that |/5| + 1 = \pi\. 
Then p pi or p t- pi, whence p € RA;+i(p). We have to show that p is the minimal 
element of RA;+i(p) and that there is no other element of width \p\ in RA;+i(p). For the 
second part, assume that there is some p' e RAi+i{p) with \p'\ = \p\. Then p' has to be 
connected via h, r*, or to some element p" e RA;(p). By definition of these relations 
\p"\ < \p'\ + 1. By induction hypothesis, this implies p" = pi. But then it is immediately 
clear that p' = p by definition. 

Similar to the previous case, the minimality of p in RA;+i(p) is proved by contradic- 
tion. Assume that there is some p' < p such that p' e RAi+i(p). Then there is some 
p < pi < p" e RAi(p) such that p' p" or p' ^ p" . By the definition of ^ and r*, we 
obtain |p"| < |p|. But this contradicts |p"| > \pi\ > \p\. Thus, we conclude that p is the 
minimal element of RA;+i(p), i.e., p = p^+i. □ 

The previous lemma shows that the width of stacks among the relevant ancestors cannot 
decrease too much. Furthermore, the width cannot grow too much. 

Corollary 5.9. Let ■K,p€'^ such that n € RAi{p). Then \\p\ - < I. 

Proof. From the previous lemma, we know that the minimal width of the last stack 
of an element in RA;(p) is |p| - We prove by induction that the maximal width is |p| + 

The case Z = is trivially true. Assume that |7r| < |p| + ? - 1 for all tt e RAj_i(p). Let 
TT 6 RA;(p) \ RA;_i(p). Then there is an tt 6 RAj_i(p) such that fr \- tt, n ^ tt, n tt. For 
the last two cases the width of tt is smaller than the width of tt whence |7r| < |p| + Z - 1. For 
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the first case, recall that all stack operations of an n-FS alter the width of the stack by at 
most 1. Thus, |7r| < |7r| + 1 < \p\ + 1. □ 

Next we show a kind of triangle inequality for the relevant ancestor relation. If p2 is a 
relevant ancestor of pi then all relevant ancestors of pi that are ancestors of p2 are relevant 
ancestors of p2- 

Lemma 5.10. Let pi,p2 and let li,l2 If Pi ^^Mi{p2), then 

RAi^ipi) cRAi^+i^{p2) and 

RAi^ {p2) n {tt : TT < pi} c RAi^+/, {pi). 

Proof. The first inclusion holds by induction on the definition of relevant ancestors. 

For the second claim, we proceed by induction on ?2- For Z2 = the claim holds because 
RAo(p2) = {92} and pi < p2 imply that RAo(p2) n {tt : tt < pi} # if and only if pi = p2 
whence {^2} £ R'Ao(pi). For the induction step assume that 

RA/2_i(p2) n {tt : TT < pi} c RA,i+/,_i(pi). 

Furthermore, assume that tt e RA;2(p2) n {tt : tt < pi}. We show that tt e RAij+i^CPi)- By 
definition there is some tt < n such that tt e RA;2_i(p2) and tt e RAi(7t). We distinguish the 
following cases. 

— Assume that n < pi. By hypothesis, tt e RA/j^+i^-iCPi) whence tt e RAij+/2(pi). 

— Assume that tt < pi < tt < p2- This implies that tt tt or tt tt whence |7r| = |7r| - j < \pi\ 
for some j e {0, 1}. From Corollarv l5.9l we know that 

ll^l - IP2II < ^2 - 1 and||pi| - IP2II < ^1. 

This implies that |pi| - \tt\ < li + I2. By definition of ^ and r*, there cannot be any 
element tt' with tt < tt' < tt and \tt'\ = \tt\. Thus, tt is the maximal predecessor of pi with 

TT = popj''^' ''^'(pi). Application of Lemma 15.71 shows that tt is the minimal element of 
RA|p^l_l^|(pi). Hence, tt e RA|p^|_|^| (pi) c RA/,+,2(pi). □ 

Corollary 5.11. //pe RA;(pi) nRA;(p2) t/ie^ RA;(pi) n {tt : tt < p} g RA3/(p2). 

Proof. By the previous lemma, p e RA;(pi) implies RAi(pi) n {tt : vr < p} c RA2;(p). 
Using the lemma again, p e RA;(p2) implies RA2;(p) £ RA3;(p2). □ 

The previous corollary shows that if the relevant Z-ancestors of two elements pi and p2 
intersect at some point p, then all relevant /-ancestors of pi that are ancestors of p are 
contained in the relevant 3Z-ancestors of p2. Later, we use the contraposition of this result 
in order to prove that relevant ancestors of certain runs are disjoint sets. 

The following proposition describes how RAi(p) embeds into the full 2-NPT DT. Successive 
relevant ancestors of some run p are connected by a single edge or by a r*-edge. We will see 
that this proposition allows us, given an arbitrary run p, to explicitly construct a relevant 
ancestor set isomorphic to RA;(p) that consists of small runs. 

Proposition 5.12. Let pi < p2 < p such that pi,p2 e RAi(p). If tt ^ RAi(p) for all 
pi<7T < p2, then pi I- p2 or pi r* P2- 

Proof. Assume that pi i/ p2. Consider the set Af := {tt e RA;(p) : pi r*7r}. M is 
nonempty because there is some it e RA;_i(p) such that either pi tt (whence tt e M) 
or pi ^ TT (whence the predecessor tt of tt satisfies tt € M). Let p e M be minimal. It suffices 
to show that p = p2- For this purpose, we show that tt i RA/(p) for all pi < tt < p. Since 
p 6 RAi(p), this implies that p = P2- We start with two general observations. 
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(1) For all pi < TT < p, |7r| > \p\ due to the definition of pi r* p- Furthermore, due to the 
minimality of p in M, for all pi < tt < p with tt e RA/(p), |7r| > \p\ (otherwise tt e M 
which contradicts the minimality of p). 

(2) Note that there cannot exist pi < -k < p < tt with tt ^ tt or tt tt because |7r| > \p\. 

Heading for a contradiction, assume that there is some pi < tt < p such that tt e RA;(p). 

Due to observation [21 there is a chain ttq '■= 7r,7ri, . . . ,7r„_i,7r„ := p such that for each 
< i < n there is x- € {i-,^, r*} such that tt^ * tTj+i and tt^ e RA;_i(p). By assumption, 
n + 0, whence p e RA/_i(/3). Due to observation [I] we have \pi\ < \p\ < \tt\. Since each stack 
operation alters the width of the stack by at most 1, we conclude that the set 

M' := {tt' : p, < tt' < p, \p\ = \tt'\} 

is nonempty because on the path from pi to tt there occurs at least one run with final stack 
of width \p\. But the maximal element tt' e M' satisfies pi tt' \- p ov pi tt' ^ p. Since 
p 6 RAi_i(p), this would imply tt' e M which contradicts the minimality of p in M. Thus, 
no pi < TT < p with TT 6 RA/(p) can exist. 

We conclude that tt i RA/(p) for all pi < tt < p and pi r* p = p2- □ 

In the final part of this section, we consider relevant ancestors of two different runs p and 
p'. Since we aim at a construction of small runs p and p' such that the relevant ancestors 
of p and p' are isomorphic to the relevant ancestors of p and p', we need to know how sets 
of relevant ancestors touch each other. Every isomorphism from the relevant ancestors of 
p and p' to those of p and p' has to preserve edges between a relevant ancestor of p and 
another one of p'. 

The positions where the relevant /-ancestors of p and p touch can be identified by looking 
at the intersection of their relevant (I + 1) -ancestors. This is shown in the next lemma. For 
A and B subsets of some n-NPT 91 and p some run of 9T, we say A and B touch after p 
if there are runs p < pA,P < Pb such that p^ e A, p^ e S and either pA = Pb or pA * Pb 
for some * e {i-,h,^,>^, In this case we say A and B touch at {pa,Pb)- In the 

following, we reduce the question whether /-ancestors of two elements touch after some p 
to the question whether the (I + l)-ancestors of these elements intersect after p. 

Lemma 5.13. //pi,p2 are runs such that RA;j(pi) and RA;2(p2) touch after some po, 
then RA;i+i(pi) n RAi^+i{p2) n {tt : po < tt} + 0. 

Proof. Let po be some run, po < pi e RA;j(pi), and po < P2 e RAi^{p2) such that the 
pair (pi,p2) is minimal and RA;j(pi) and RAi2(p2) touch at (pi,p2). Then one of the 
following holds. 

(1) pi = p2- there is nothing to prove because pi e RAj^ (pi) n RA;2(p2) n {tt : po < tt} . 

(2) pi I- p2 or pi p2 or pi p2 : this implies that pi e RA;2+i(p2) n RA;j(pi). 

(3) pi H p2 or pi 1^ p2 or pi^ p2- this implies that p2 e RA;j+i(pi) n RA;2(p2). □ 

Corollary 5.14. // p and p' arc runs such that RA(j(p) and RA/2(p') touch after 
some run po then there exists some po < pi e RA;j+i(p) nRA;2+i(p') such that 

RA/i+i(p) n{x:x<pi}c RA/,+2/i+3(p')- 
Proof. Use the previous lemma and Lemma [5. 101 □ 

5.2. A Family of Equivalence Relations on Words and Stacks 

Next, we define a family of equivalences on words that is useful for constructing runs with 
similar relevant ancestors. The basic idea is to classify words according to the FO^-type 
of the word model associated to the word w expanded by information about certain runs 
between prefixes of w. This additional information describes 
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(1) the number of possible loops and returns with certain initial and final state of each 
prefix V < w, and 

(2) the number of runs from {q,w) to {q',v) for each prefix v < w and all pairs q,q' of 
states. 

It turns out that this equivalence has the following property: if w and w' are equivalent and 
p is a run starting in {q,w) and ending in {q',w : w), then there is a run from {q,w') to 
{q, w' ■■ v') such that the loops and returns of v and v' agree. This is important because runs 
of this kind connect consecutive elements of relevant ancestor sets (cf. Proposition 15. 12p . 

In order to copy relevant ancestors, we want to apply this kind of transfer property 
iteratively. For instance, we want to take a run from {qi,wi) via ((?2,ifi • ^2) to ((73, wi : 
W2 '■ W3) and translate it into some run from {qi,w[) via {q2,w[ : W2) to {q3,w[ : W2 ■ w'^) 
such that the loops and returns of W3 and w'^ agree. Analogously, we want to take a run 
creating n new words and transfer it to a new run starting in another word and creating n 
words such that the last words agree on their loops and returns. If we can do this, then we 
can transfer the whole set of relevant ancestors from some run to another one. This allows 
us to construct isomorphic relevant ancestors that consist only of short runs. 

The family of equivalence relations that we define have the following transfer property. 
Words that are equivalent with respect to the n-th relation allow a transfer of runs creating 
n new words. The idea of the definition is as follows. Assume that we have already defined 
the (i - l)-st equivalence relation. We take the word model of some word w and annotate 
each prefix of the word by its equivalence class with respect to the (i - l)-st relation. Then 
we define two words to be equivalent with respect to the i-th relation if the FO^-types of 
their enriched word models agree. 

These equivalence relations and the transfer properties that they induce are an important 
tool in the next section. There we apply them to an arbitrary set of relevant ancestors in 
order to obtain isomorphic copies of the substructure induced by these ancestors. 

For the rest of this section, we fix some 2-PS J\f. For w some word, we use W-n as an 
abbreviation for pop"(u'). 

Definition 5.15. For each word w e E*, we define a family of expanded word models 
£in^'^(w) by induction on n. Note that for n = the structure will be independent of the 
parameter k but for greater n this parameter influences the expansion of the structure. Let 
£inQ'^{w) be the expanded word model 

£m',''{w) :=({0,1,...,H-1} 

such that for < i < |w| the following holds. 

— SUCC and P^- form the standard word model of w in reversed order, i.e., succ is the usual 
successor relation on the domain and z e P^. if and only if topi{w-i) = cr, 

— i £ S"^ , if there are j pairwise distinct runs pi , . . . , such that each run starts in {q,w) 
and ends in {q',w^i). 

— The predicates Rj encode the function i <-* ^Ket^{w-i) (cf. Definition 14. 5p . 

— The predicates Lj encode the function i 1-^ ^Loop^(K;_j). 

— The predicates Hj encode the function i 1-^ #IILoop^(w_i). 

Now, set Type^'^ (w) := FOfc[£inQ'^(w)], the quantifier rank k theory of £inQ'^(K;). 

Inductively, we define £in^'^;^(z(;) to be the expansion of £in^'^(w) by predicates describing 
Type^'^(i;) for each prefix v <w. More formally, fix a maximal list 61,82, ■■■ ,9m of pairwise 
distinct FOfc-types that are realised by some £in^j'^(w). We define predicates Ti,T2, . . . ,Tm 
such that i e Tj if Type^'^ {^-i) = 9j for all < i < n. Now, let £inj^'^j^(w) be the expansion of 
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£in^'^(w) by the predicates T'i,T2, . . . ,T„i. We conclude the inductive definition by setting 
Typef;;i(u;) := FOfc[£inf:v\(u;)]. 

Remark 5.16. Each element of £in^'^(u') corresponds to a prefix of w. In this sense, we 
write ^ S^qq' for some prefix v <w if v = W-i and £in„'^(w) 1= « € S'^ 

It is an important observation that £in^'^(u;) is a finite successor structure with finitely 
many colours. Thus, for fixed n,k,z € N, Type^'^ has finite image. 

For our application, k and z can be chosen to be some fixed large numbers, depending on 
the quantifier rank of the formula we are interested in. Furthermore, it will turn out that 
the conditions on k and z coincide whence we will assume that k = z. This is due to the fact 
that both parameters are counting thresholds in some sense: z is the threshold for counting 
the existence of loops and returns, while k can be seen as the threshold for distinguishing 
different prefixes of w which have the same atomic type. Thus, we identify k and z in the 
following definition of the equivalence relation induced by Type^'^ . 

Definition 5.17. For words w,w' e S*, we write w =^ w' if Type^'^(w) = Type^'^(?«'). 

As a first step, we want to show that =^ is a right congruence. We prepare the proof of 
this fact in the following lemma. 

Lemma 5.18. Let n e N, z > 2 and J\f he some 2-PS. Let w be some word and a e T, 
some letter. For each <i < \w\, the atomic types of i and of in £in^^(w) determine the 
atomic type of i + 1 in 2in^^{wa). 

Proof. Recall that i e £in^'^(w) represents W-i and i + 1 e £,mj^^ (wa) represents 
wa_^i+iy Since w^i = u'(T_(i+i), it follows directly that the two elements agree on (P(j)o-eSi 
{Rj)j^j, {Lj)jf:j, and {Hj)jej and that w^i =^-1 w;cr-(i+i) (recall that the elements of 
£injj'^(w) are coloured by Ejj_-^-types). 

We claim that the function #Ret^(ii;) and the set 

6 N X Q X Q : J < z,£in^„^(u;) ^ i e S^^,} 

determine whether £in^'^(wcr) 1= (i + 1) e S*^ g,. Recall that the predicates 5*^ ^, in £in^'^(w) 
encode at each position i the number of runs from {q,w) to {q'^W-i). We now want to 
determine the number of runs from {q,wa) to (g', u'cr_(i+i) ) = {q',w-i). 

It is clear that such a run starts with a high loop from {q,wa) to some {q,wa). Then it 
performs some transition of the form (q,a,q' ,popi) and then it continues with a run from 
iq',w) to {q',w-i). 

In order to determine whether £in^'^ (wcr) 1= (i + 1) e 5^ we have to count whether j 
runs of this form exist. To this end, we define the numbers 

k(q,q') ■■= #HLoop^(w)((7,g), 
j{qA') '■= l{('7>cr,(7',popi) 6 A}|, and 
HqA') '■= max{fc : e ^,)} 
for each pair q = {q,q') e Q^. It follows directly that there are Y, iqjqkq many such runs 

up to threshold z. Note that jq only depends on the pushdown system. Due to Proposition 
14.141 ^HLoop^ (wo-) is determined by a and #Ret^(w). Thus, kq is determined by the 
atomic type of in £in^;^(u;). iq only depends on the atomic type of i in £in^'^(w). These 
observations complete the proof. □ 
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Corollary 5.19. Let n,z e N such that z > 2. Let wi and W2 be words such that 
wi =^ W2. Any strategy of Duplicator in the z round Ehrenfeucht-Frai'sse game on £in^'^(wi) 
and £,in^^ (W2) translates directly into a strategy of Duplicator in the z round Ehrenfeucht- 
Fraisse game on £inj^'^(u'icr) ["[i.i^jjj] anrf £in^'^(w2cr) ["[ijio^l] ■ 

Proof. It suffices to note that the existence of Duplicator's strategy implies that the 
atomic types of in 2Xx\!^^{wi) and £in^'^(w2) agree. Hence, the previous lemma applies. 
Thus, if the atomic type of « € £in^'^(ii;i) and j e £in^'^(?ii2) agree, then the atomic types 
of i + 1 € £in^'^(wi(T) and j + 1 e £inj^j'^(u'20') agree. Hence, we can obviously translate 
Duplicator's strategy on £in^'^(wi) and £in^'^(w2) into a strategy on £injj'^(zi;icr) ["[i^^Jil] 
and £i<''^(w;2cr)r[i.|u,2|]- □ 

The previous corollary is the main ingredient for the following lemma. It states that =^ 
is a right congruence. 

Lemma 5.20. For z > 2, =^ is a right congruence, i.e., z/ Type^'^(wi) = Type^'^(w2) 
for some z>2, then Type^'^(wiw) = Type^'^(u'2w) for all w e E*. 

Proof. It is sufRcient to prove the claim for w = u e S. The lemma then follows by 
induction on First observe that 

#Loop''(u;icr) = #Loop^(w2cr), 
#HLoop^(wict) = #HLoop^(fi;20'), and 
#Ret^(wiCT) = #Ret''(w2cr), 

because these values are determined by the values of the corresponding functions at wi and 
W2 (cf. Proposition l4.14l) . These functions agree on wi and W2 because the first elements of 
£i<'^(u;i) and £i<'^(u;2) are FO^ definable (z > 2!). 

For i 6 {1,2}, £,m^^{wia-) 1= e -S*^^ ^/j if and only if there are j loops from {q,Wia) 
to (q'jWia) (at position the runs counted by the 5"^^^,^ coincide with loops). Since 
^Loop^(u'icr) = #Loop^(u'2cr), we conclude that the atomic types of the first elements 
of £inQ ^(wicr) and of £inQ'^(w20') coincide. 

Due to the previous corollary, we know that Duplicator has a strategy in the z round 
Ehrenfeucht-Frai'sse game on £in^'^(wicr) l'[i,|iui|] and £in^'^(w2c) l'[i,|u!2|]- 

Standard composition arguments for Ehrenfeucht-Frai'sse games on word structures dir- 
ectly imply that £inQ'^(wicr) =z £inQ'^(i(J20')- But this directly implies that the atomic 
types of wicr in £inf '^(uiicr) and of W20^ in £in^'^(w20') coincide. If n > 1, we can apply the 
same standard argument and obtain that £in^'^(wi(T) =z £in^'^(w2cr). By induction one 
concludes that £in^'^(wicr) =z £in^'^(w2f), i-e., wia =^ W2a. □ 

In terms of stack operations, the previous lemma can be seen as a compatibility result 
of with the push^ operation. Next, we lift the equivalences from words to 2-stacks in 
such a way that the new equivalence relations are compatible with all stack operations. We 
compare the stacks word-wise beginning with the topmost word, then the word below the 
topmost one, etc. up to some threshold m. 

Definition 5.21. Let s,s' be stacks. We write s rn=n ^' if either 

|s| > TO, \s'\ > TO, and top2 (pop2(s)) =n t0P2 (poP2(5')) foi' all < I < TO, or 
I ■■= \s\ = \s'\ < m, and top2 (pop2(s)) =^ top2 (pop2(s')) for all < i < Z. 

Proposition 5.22. Let z > 2 and let si,S2 be stacks such that si m=n ^2- Then 
push^(si) rn=^„ push^(s2), popi(si) m=i-i popi(s2), clone2(si) m+i=n clone2(s2), and 

pOp2(si) „i-l=n P0P2(S2)- 
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Proof. Assume that op = popj^. Quantifier rank z suffices to define the second element 
of a word structure. Hence, w w' implies that Type^'f^-^(u'-i) = Type^'^-^(w'_]^). But this 
implies W-\ =^-1 

For op = pushg. we use Lemma l5.20l For clone2 and pop2, the claim is trivial. □ 

The previous proposition shows that the equivalence relations on stacks are compatible 
with the stack operations. Recall that successive relevant ancestors of a given run p are 
runs pi < p2 i p such that pi \- p2 or pi c" P2 (cf. Proposition l5.12l) . In the next section, 
we are concerned with the construction of a short run p such that its relevant ancestors are 
isomorphic to those of p. A necessary condition for a run p to be short is that it only passes 
small stacks. We construct p using the following construction. Let pq < pi < p2 ■ ■ ■ < p he the 
set of relevant ancestors of p. We then first define a run pQ that ends in some small stack 
that is equivalent to the last stack of po. Then, we iterate the following construction. If p^+i 
extends pi by a single transition, then we define pi+i to be the extension of pi by the same 
transition. Due to the previous proposition this preserves equivalence of the topmost stacks 
of Pi and Pi. Otherwise, pi+i extends pi by some run that creates a new word Wi+i on top 
of the last stack of pi. Then we want to construct a short run that creates a new word w'^^i 
on top of the last stack of pi such that Wi+i and wl^i are equivalent and w^+j^ is small. Then 
we define pi+i to be pi extended by this run. 

Finally, this procedure defines a run p that corresponds to p in the sense that the relevant 
ancestors of the two runs are isomorphic but p is a short run. 

In the following, we prepare this construction. We show that for any run po there is a run 
Po that ends in some small stack that is equivalent to the last stack of po- This is done in 
Lemma 15.251 Furthermore, we show that for runs pi and pi that end in equivalent stacks, 
any run that extends the last stack of pi by some word w can be transferred into a run that 
extends pi by some small word that is equivalent to w. This is shown in Proposition 15.271 

The proofs of Lemma 15.251 and Proposition 15.271 are based on the property that prefixes 
of equivalent stacks share the same number of loops and returns for each pair of initial and 
final states. Recall that our analysis of generalised milestones showed that the existence of 
loops with certain initial and final states has a crucial influence on the question whether 
runs between certain stacks exist. We first define functions that are used to define what a 
small stack is. Afterwards, we show that any run to some stack can be replaced by some 
run to a short equivalent stack. 

Definition 5.23. Let J\f = (Q,E, A,go) be a 2-PS. Set a{n,z) = \Q\ ■ + 1, where 

|^7=nl is the number of equivalence classes of Furthermore, set Bhgt '■= P7=ol ' ^ind 
Pin) :=|g|-(|S| + l)". 

Remark 5.24. /3{n) is an upper bound for the number of pairs of states and words of 
length up to n. Note that a, Bhgt and /3 computably depend on J\f. 

Lemma 5.25. Let n eN, z>2, and let p be a run from the initial configuration to some 
configuration {q,s). There is a run p' starting in the initial configuration such that 

\^0P2ip)\ - ain, z) < |top2(p')| < |top2(p)|, 

hgt(p') < |top2(p')| + Bhgt, 

|p'|</3(hgt(p')) and 

tOP2(p) <tOp2(p')- 

Furthermore, i/|top2(p)| > a(n,z), then |top2(p')| < |top2(p)|. 
We prove this lemma in three steps. 

(1) For each run p with long topmost word, we generate a run p' with equivalent but smaller 
topmost word. 
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b d e e b d b d e 

a a a a a a a a a a 

S=llll mi=l 7712 =111 7773 =111 

Fig. 2. Illustration for the construction in the first step of the proof of Lemma l5.25l 

d f d f 

b d d d b d d 

a a a a a a a a 

S = m^ =11111 777 = 7714 =111 
d d f f d f 

b d d b b d d d b d d d 

a a a a a a a a a a a a a 

7773 =111 7772 =11 7)7,4 =1111 7773 =1111 
Fig. 3. Illustration for the construction in the second step of the proof of Lemma l5.25l 

(2) For each run p, we generate a run p' such that top2(p) = top2(p') and the height of p' 
is bounded by |top2(p)| + Bhgt- 

(3) For each run p, we generate a run p' such that top2(p) = top2(p'), the height of p' is 
bounded in terms of hgt(p) and the width of p' is bounded in terms of its height. 

Proof of step 1. Let p be some run with |top2(p)| > a(77, z). Let (q, s) ■= p(len(p)) be 
the final configuration of p. For each k < a{n,z), there is a maximal milestone mk e MS(s) 
with |top2(777fe)| = k. Figure [2] illustrates this definition. Let Wk '■= top2(777fc) and let pk < phe 
the largest initial segment of p that ends in 777^. Note that 777^ < rrik' < s for all k < k' < a{n, z) 
by the maximality of 777^ and 777^/ . 

Then there are i < j < a{n,z) such that top2(pi) =^ top2(/0j) and the final states of pi 
and pj agree. 

Due to the maximality of pj, no substack of pop2(777j) is visited by p after k •■= len(pj). 
Thus, the run TT {p[[k,ien(p)])[i^j /^i] is well-dcfined (cf. Definition |4J^. Note that 
TT starts in (q',mi) for q' ^ Q the final state of pi. Thus, we can set p '■= Pi ° tt. Since 
Wi =^ Wj and since =^ is a right congruence, it is clear that top2(/5) =^ top2(p). Since 
< \wj \ - \wi \ < a{n, z), it also follows directly that 

|top2(/o)|-a(n-,z) < |top2(p)|< |top2(p)|. □ 



Proof of step 2. The proof is by induction on the number of words in the last stack 
of p that have length h := hgt(p). Assume that p is some run such that 

hgt(p) > |top2(p)| + Bhgt. 

In the following, we define several generalised milestones of the final stack s of p. An 
illustration of these definitions can be found in Figure [3] 

Let m € MS(s) be a milestone of the last stack of p such that |top2(7n)| = h. For each 
|top2(p)| < 7 < /7 let 777i 6 MS(7(7,) be the maximal milestone of 777 with |top2(777.i)| = i. Let 77^ 
be maximal such that ^(77^) = {q',mi) for some q' e Q. Let m[ e GMS(s) \ GMS(7r7) be the 
minimal generalised milestone after 777 such that top2(7;7,^) = top2 ( 777i). Let n[ be maximal 
with p(nj) = {q',m[) for some q' e Q. 

There are |top2(/c)| < k <l < hgt(p) satisfying the following conditions. 

(1) There is a q e Q such that p{nk) = {q,mk) and p{ni) = {q^mi). 
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(2) There is a. q' e Q such that p{n'f.) = {q',m'i^) and p(nj) = {q',m'i). 

(3) top2(mfc) =Q top2(m;) (note that this imphcs that ^Loop^(mfe) = ^Loop^(m;) and 
#Reti(mfc) = #Reti(m,)). 

By definition, we have TO;<rn;. Thus, the run tti := (pl'[n,.n;])[^7ii/'7ife] is well defined (of. 
Definition 14.101) . Note that tti starts in {q,mk) and ends in {q',s) for s := m[[mi/mk]). 
Moreover, top2(7ri) = top2(TO5j) = top2(p(n5j,)). Furthermore, pt[n'^,icn{p)] never looks below 
the topmost word of because n'^, is the maximal node where the generalised milestone 
m'f, is visited. Thus, (popaCm^) : l) < pt[„'^^ic„(p)] whence 

7I"2 := Pl'[„'^Jcn(p)][pOP2(™'fc) : -L/p0P2(s) : l] 

is well defined. It starts in the last stack of tti. Now, we define the run p := pt[Q,nk] o tti o 7r2. 
Either hgt(yo) < h.gt{p) and we are done or there are less words of height hgt(/9) in the last 
stack of p than in the last stack of p and we conclude by induction. □ 

Proof of step 3. Assume that p is a run with len(p) > /?(hgt(p)). We denote by m 
the maximal position in p such that the stack at p{ni) is pop2(p) for each < i < \p\. There 
are less than ^''^|q[^'''* many words of length up to hgt{p). Thus, there are i < j such that 

(1) there is a word w with topg (pop2(p)) = top2 (pop2(/9)) = w, and 

(2) p(nj) = ((7,pop2(p)) and p{nj) = ((7,pop^(p)) for some qeQ. 

Now, let Si := pop2^^(p) and sj := pop^^"'^(/9). There is a unique stack s such that 
p(len(p)) = {q,Si : s). The run pt[ni,icn{p)] (from Si : w to Si s) never visits Si. Thus, 

Pi '■= Pt[n,,lcn{p)][si ■ l/Sj ■■ l] 

is a run from sj : w to sj : s. The composition p := p|'[o,nj] ° Pi satisfies the claim. □ 

The previous corollary deals with the reachability of some stack from the initial config- 
uration. The following proposition is concerned with the extension of a given stack by just 
one word. Recall that such a run corresponds to a r" edge. We first define the function that 
is used to bound the size of the new word. Recall that the equivalence relation depends 
on the choice of the fixed 2-PS Af = (Q, S, A, qo). |^7=d denotes the number of equivalence 
classes of =^ . 

Definition 5.26. Set 7(a,6,c,d) := 1 + 5 + a(|Q||s7^f|). 

Before we state the proposition concerning the compatibility of =^ with edges, we 
explain its meaning. The proposition says that given two equivalent words w and w and 
a run p from (g,s : w) to {q',s : w : w') that does not pass any substack ot s ■ w, then, 
for each stack s : w, we find a run p from (q, s : w) to (g', s w w') for some short word 
w' that is equivalent to w' . Furthermore, this transfer of runs works simultaneously on a 
tuple of such runs, i.e., given m runs starting at s : w of the form described above, we 
find m corresponding runs starting at s •■ w. This simultaneous transfer becomes important 
when we search an isomorphic copy of the relevant ancestors of several runs. In this case 
the simultaneous transfer allows us to copy the relevant ancestors of a certain run while 
avoiding an intersection with the relevant ancestors of other given runs. 

Proposition 5.27. Let 7i,z,to e N such that n> 1, z > m, and z>2. Let c= {q,s ■■ w), 
c= {q,s:w) be configurations such that w =^ w. Let pi,...,pm be pairwise distinct runs 
such that for each i, \pi{j)\ > |s : w| for all j > I and such that pi starts at c and ends 
in {qi,s : w : Wi). Analogously, let pi,.. . , Pm-i be pairwise distinct runs such that each pi 
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starts at c and ends in (qi, s w Wi) and \pi{j) \ > \s ■ w\ for all J > 1. // 

Wi =n-i Wi for all I < i < m - 1, 
then there is some run pm from c to (qo, s •■ w ■ Wm) such that 

Wm =n-l '^irn 

Pm is distinct from each pi for 1 < i < m, and 
\wm\ <7(m,|w|,n,z). 
We prepare the proof of this proposition with the foUowing lemmas. 

Lemma 5.28. Let z,m,n e N such that z > 2 and z > m. Let w,w' be words and let 
PIt P2, ■ ■ ■ , Pm be pairwise distinct runs such that pi starts in {qi,w) and ends in {qi,Vi) 
for some prefix Vi <w. If w =n+i w' , then there are prefixes v[,v'2, . . . ,v'^ of w' such that 
Vi v[ for all \ < i < m and there are pairwise distinct runs p'^^ p'2, . . . , p'^ such that p[ 
starts in {qi,w'), ends in {qi,v[). 

Furthermore, Vi = w if and only if v[ = w' and Vi < w implies that there is a letter Oi and 
words Ui, u[ such that w = ViOiUi and w' = v[aiu[. 

Proof. Without loss of generality, assume that qi = qj = q and qi = qj = q for all 
1 < i,j < m. Since £,m^^^{w) 2in^^^{w'), a winning strategy in the Ehrenfeucht-Fraisse 
game induces words v[,v'2, . . . jv'^ such that (vi ,V2, ■ ■ ■ ,Vm) '-^ (''^i i ''^s! > • • ■ i ^m) ^ partial 
isomorphism. Thus, v'i = Vj iff Vi = Vj. Since z > m, Duplicator can maintain this partial 
isomorphism for at least one more round of the game. Therefore, the labels of the direct 
neighbours of agree with the labels of the direct neighbours of Vi which especially implies 
v[ = w' iff Vi = w. Furthermore, if Vi^ = Vi^ = ■■■ = Vi^ , then pi^, pi^, . . . , pi^ witness that Vi^ 
is coloured by S'^^ in 2Xn'l^l^{w). Hence, is coloured by S^^^-^ in £in^'^;^(w'). Hence, 
there are k pairwise distinct runs p[^, p[^, . . . , p[^ from {q,w') to {q,vl^). Since, Vi and 
are labelled by the same E^-type, the claim follows immediately. □ 

This lemma provides the transfer of runs from some stack s : w to stacks s : Vi with 
Vi < w to another starting stack s' : w' ii w and w' are equivalent words. We still need to 
investigate runs in the other direction. We provide a transfer property for runs from some 
word w to extensions wvi , WV2 , . • . , wvm ■ 

Lemma 5.29. Let z,m,n e N such that z>2 and z > m. Let pi,p2, ■ ■ ■ ,Pm be pairwise 
distinct runs such that for each 1 < i < m the run pi starts in (qi,w), ends in {qi,wvi) 
and never visits w after its initial configuration. Furthermore, let w' be some word such 
that w =^ w' . There are words v[,v'2, ... ,v'^ such that \v'i\ < 1 + m ■ \Q\ ■ 1^*/=^) ^^^^ fi''^st 
letter of Vi and v[ agree (or Vi = v[ = e), wVi =^ w'v'i, and there are pairwise distinct runs 
p'i,p'2 ■ ■ ■ iP'm such that each run p'i starts in w' , ends in w'v[, and never visits w' after its 
initial configuration. 

Proof. For each run p,;, there is a decomposition pi — tt^ o A^^ o ■ • ■ o o A2 o tti o Ai 
where the Ai are high loops and each tt^ is a run of length 1 that performs a push operation. 
Since the type of a word w determines #Ret^(w) and #HLoop^(w), we conclude with 
Proposition 14.141 that :^HLoop^(ww) = #HLoop^(w'v) for all words v e S*. Thus, there is 
a run p- = 7r„ o Ajj o • • • o o Aj o tti o A'^ where the A ■ are high loops such that the runs 
p'l, p'2, . . . T p'm are pairwise distinct. Note that p[ ends with stack w'vi and w'vi =^ wVi 
because =^ is a right congruence. 

If < \ + m-\Q\- P7=nl for all 1 < i < TO we are done. Otherwise we continue with the 
following construction. Without loss of generality assume that \vi\ > l + m-\Q\-\^*/=^\. Then 
we find nonempty prefixes uq < ui < U2 < ■ ■ ■ < u„i such that for all < i < j < m 

(1) p'l passes w'ui and w'uj in the same state q & Q for the last time, 
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(2) w'ui wuj, and 

(3) l<|?/,|<K-|<l+m-|QMs7<|. 

Let rii be the maximal position in p'l such that p'i{ni) = {q,w'ui). For each < i < j < m, 
we can define the run p\-' := Pit[o,ni] ° Pit[nj.icn(pi)][wuj/wui] which ends in the stack 
wvilwuj/wui]. Since =^ is a right congruence, this stack is equivalent to wvi. Furthermore, 
it is shorter than wvi. By pigeonhole principle, there are < i < j < m such that p^'"* is 

distinct from Psj • ■ • i p'm- Now, we replace p'l by p^ . 
Repetition of this argument yields the claim. □ 

For the proof of Proposition I5.27[ we now compose the previous lemmas. Recall that the 
proposition says the following: given m runs pi , . . . , pm starting in some stack s that only 
add one word to s and given a stack s whose topmost word is E^-equivalent to the word on 
top of s, we can transfer the runs pi, . . . , pm to runs p'l,. . . , p'^ that start at s such that p'^ 
extends s by one word that is j^-equivalent to the word created by pi. 

Proof of Proposition 15.271 Let pi,p2,...,Pm and pi,p2,---,Pm-i be runs as re- 
quired in the proposition. Assume that Wi =n-i Wj and that all runs pi end in the same 
state, i.e., qi = qj, for all 1 < « < j < m. Later we deal with the other cases. 

We decompose each run pi as follows. Let w'^ ■■= wnwi. Then pi = p^o p\ o pf where is a 
run of length 1 that performs exactly one clone2 operation, and p] is the run from s ■ w w 
to the last occurrence of s : w : w'^. 

Due to topi{w) = topi{w), there are runs p^ from c to s : w li performing only one clone 
operation and ending in the same state as p^. 

By Lemma 15.281 we can transfer the p] to runs pj starting at {q,s w : w) and ending at 
s : ill ■ Ui such that Ui < w and w \~\Wi =^-1 "^i- The lemma allows us to enforce that p] = pj 

Let Vi be the word such that Wi = (w n Wi) o Vi. We use Lemma 15.291 and find words 
vi, . . . , Vjn and runs Pi, . . . , p^ such that p^ is a run from s ■ w : Ui to {qi,s ■ w : UiVi) which 
visits s ■ w ■ Ui only in its initial configuration such that Uiiii =^-1 Wi and such that iiiVi has 
length bounded by 

7(to, \w\, n, z) = \w\ + 1 + m ■ \Q\ ■ |^7=nl ■ 
Furthermore, p^ and p^ coincide if and only if p^ and p^ coincide, we claim that the runs 

Pi°pI°pI,P2°P2°P2,---, pL ° pin ° pIi 

are pairwise distinct. First of all we show that = w n iiiVi. Due to the last part of Lemma 
15.281 there is a letter such that w = UiaiXi for some word Xi and w = iiiaiXi for some 
word Xi. Furthermore, Vi and Vi start with the same letter. Due to Ui = w n UiVi, this letter 
cannot be whence iii = w nuiVi. 

Heading for a contradiction, assume that /5° o p^ o = o o Since p° and p° have 
both length 1, this implies that p° = p°. Furthermore, we have seen that pj ends in the 
last occurrence of the greatest common prefix w n UiVi = Ui. Hence, the two runs can only 
coincide if Ui = Uj. But then p\ = pj because both parts end in the last occurrence of a 
stack with topmost word Ui. But this would also imply that p^ = p^. By construction of the 
three parts, this would imply that p'l = p^, p] = p], and Pi = p^- But this contradicts the 
assumption that p^ o p^ o pf = pit pj = p^ o pj o p^. 

Since the runs are all distinct, there is some j such that p° o pj o p^ does not coincide 

with any of the pi for 1 < j < m - 1 . Note that pm '■= p'j ° p] ° Pj satisfies the claim of the 
proposition. 
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Now, we come to the case that the runs end in configurations with difl[erent states or 
difi^erent s^_-^-types of their topmost words. In this case, we just concentrate on those pi 
which end in the same state as pm and with a topmost word of the same type as Wm- This 
is sufficient because some run p can only coincide with pi if both runs end up in the same 
state and in stacks whose topmost words have the same type. □ 

6. DYNAMIC SMALL-WITNESS PROPERTY 

In this section, we define a family of equivalence relations on tuples in 2-NPT. The equi- 
valence class of a tuple pi , . . . , pm with respect to one of these relations is the isomorphism 
type of the substructure induced by the relevant Z-ancestors of pi , . . . , pm extended by some 
information for preserving this isomorphism during an Ehrenfeucht-Frai'sse game. Recall 
that such a game ends in a winning position for Duplicator if the relevant 1-ancestors of 
the elements that were chosen in the two structures are isomorphic (cf. Lemma l5.5p . 

We then show how to construct small representatives for each equivalence class. As ex- 
plained in Section 12.11 this result can be turned into an FO model checking algorithm on 
the class of 2-NPT. 

Definition 6.1. Let p = {pi, p2, ■ ■ ■ , Pm) he runs of a 2-PS Af and let 91 := NPT(A/'). Let 
l,ni,n2, z eN. We define the following relations on RA/(p). 

(1) For fc < ; and p e p, let Pj; := {tt e RA,(p) : tt e RAfc(p)}. 

(2) Let ni=^2-Type be the function that maps a run tt to the msj^^ -equivalence class of the 
last stack of tt. 

We write ^i^ni.n2,z{p) for the following expansion of the relevant ancestors of p: 

^l.,m,n2..z{p) ■■= (^I'RA,(p),(l-'')<5eA,^, , „i "Type, (P^' ) fc<;, i<j<m ) . 

For tuples of runs p = (pi , . . . , p,„ ) and p' = {p[, . . . , p'^) we set p p' if 

^/,ni ,n2 ,-s (p) ~ '^Zjni ,712 ,2 (P )■ 

Remark 6.2. 

— If Pn-^=n2 p' then there is a unique isomorphism ip : D\i,ni,n2,zip) - ^i,ni,n2.zip') witness- 
ing this equivalence: due to the predicate Pj, pj is mapped to p'j for all 1 < j <m. Due 
to the predicate Pj, the relevant ancestors of pj are mapped to the relevant ancestors of 
p'j . Finally, tp must preserve the order of the relevant ancestors of pj because they form 
a chain with respect to i- u (cf. Proposition 15. 12[) . 

— Due to Lemma [5751 it is clear that p ^m-n2 P' implies that there is a partial isomorphism 
mapping pi i-^ p[ for all \ < i <m. 

Since equivalent relevant ancestors induce partial isomorphisms, a strategy that preserves 
the equivalence between relevant ancestors is winning for Duplicator in the Ehrcnfcucht- 
Fraisse-game. 

Given a 2-PS N, set Dl := NPT{Af). We show that there is a strategy in the Ehrenfeucht- 
Frai'sse game on Dl, p and 91, p' in which Duplicator can always choose small elements com- 
pared to the size of the elements chosen so far in the structure where he has to choose. 
Furthermore, this strategy will preserve equivalence of the relevant ancestors in the follow- 
ing sense. Let p, p' £ 91 be the n-tuples chosen in the previous rounds of the game. Assume 
that Duplicator managed to maintain the relevant ancestors of these tuples equivalent, i.e., 
it holds that p \.=f^ p' . Now, Duplicator's strategy enforces that these tuples are extended by 
runs TT and tt' satisfying the following. There are numbers fc^, ^i, ni such that p, tt \=%^. p', tt' 
and furthermore, the size of the run chosen by Duplicator is small compared to the elements 
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chosen so far. Before we state the exact claim, we define some functions that provide bounds 
for Duphcator's choices. 

Definition 6.3. Let A/" be a 2-PS and let a, 6 e N. We define the functions 

C : ^ N, ry : ^ N, and 6* : ^ N 

by induction on the first parameter. We set 

C(0,X2,X3,X4,X5) = ri{0,X2,X3,X4,X5) = 0(0, X2, X3, X4, X5) = for all X2,X3,X4,X5 6 N. 

For the inductive step, let Xn+i '■= {n + 1, z,l' ,n[,n'2) e be arbitrary. We set I ■■= Al' + 5, 
ui ■■= n[ + 2{l' +1) + 1, 77.2 := 71-2 + 4' + 1, and Xn '■= {n, z, Z, ni, 77,2). We define auxiliary values 
for 1 < 7 < 4'' +^ and Hf°^ for 1 < i < n [ + 4''. Recall that we introduced a, (3 and Bhgt 
in Definition 15.231 and 7 in Definition 15.261 Set 

:=7("-4"''"',C(Sn),^2-l,^), 
Hl:'i:= 7(l,i?]-,ni-7+l,z), 

Hf°^ := C{xn) + Bhgt + a{n'2 + n[ + 4*'+^ - 1, z), and 

Now we set 

C(W):= max{i/]?,';„i/siob^,}, 

V{xn+i) ■■= Vi^n) + /3(fff °'') + 77'i + 2{l' + 1), and 

e{xn^i) := 0(.T„) + (4''+i + l)C(5„+i) • Vixn^i) ■ (1 + LLf (C(a;n+i))). 

where LL^ is the function from Proposition 14. 151 that bounds the length of short loops. 

Remark 6.4. Since 7, a, /3, Bhgt, and LL depend computably on TV, the functions (^,77 
and 9 also depend computably on Af. 

Proposition 6.5. Let N be a 2-PS. Set 01 := NPT(A/'). Let n, z,n[,n'2,l' e N, 
I := Al' + 5, ni := n[ + 2{l' + 1) + 1, and 772 := 773 + 4' + 1 such that z > 2 and z > n ■ 4'' . 
Furthermore, let p and p' he n-tuples of runs of *Tt such that 

{2) len(7r) < 0{n, z,l,ni,n2) for all tt e RAi(p'), 

(5) hgt(7r) < ^(77, z, Z, 77,1, 77,2) /or aZZ TT 6 RA;(p'), and 

(4) kl ^ z, Z, 77i, 772) for all vr e RAi(p'). 

For each p e there is some p' e ^ such that 

{2) len(7r) < 6'(77+ 77^,772) for all tt e Rki,{p',p'), 

(3) hgt{TT) < C{n+ l,z, I', n[,n'2) for all TT eRAi{p' ,p'), and 

(4) kl < 77(77 + l,z,l',n[,n'2) for all vr e RAi{p',p'). 

This proposition can be reformulated as a finitary constraint for Duplicator's strategy in 
the Ehrenfeucht-Frai'sse game on every 2-NPT. This yields an FO model checking algorithm 
on 2-NPT. Before we present this application of the proposition in Section [3 we prove this 
proposition. For this purpose we split the claim into several pieces. The proposition asserts 
bounds on the length of the runs and on the sizes of the final stacks of the relevant ancestors. 
As the first step we prove that Duplicator has a strategy that chooses runs with small final 
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stacks. This result relies mainly on Propositions 15.221 and 15.271 These results allow us to 
construct equivalent relevant ancestor sets that only contain runs ending in small stacks. 
Afterwards, we apply Corollaries 14.171 and 14.181 in order to shrink the length of the runs 
involved. 

6.1. Construction of Isomorphic Relevant Ancestors 

Before we prove that Duplicator can choose short runs, we state some auxiliary lemmas 
concerning the construction of isomorphic relevant ancestors. The following lemma gives a 
sufficient criterion for the equivalence of the relevant ancestors of two runs. Afterwards, we 
show that for each run p we can construct a second run p' satisfying this criterion. 

Lemma 6.6. Let po < pi < ■■■ < Pm = p be runs such that RA/(/o) = {pi : < i < m}. If 
Po < Pi < ■ ■ ■ < Pm o,re runs such that 

— the final states of pi and pi coincide, 

— po=pop2(Pm) or IpoI = IpoI = 1, 

— Po ni=n2 /^o, and 

— Pi * Pi+1 iff Pi * Pi+i for all 1 < i < m and x- e { r*} u {i-'': S e A}, 
then 

R.Az(/5m) = {pi : < i < m}. 
// additionally top2{Pi) -n2-i top2(/3i) for all Q < i < m, then 

Pin ni~n2-4' P™-' 

Proof. First, we show that for all < i < j < to, the following statements are true: 

H-^Pj iff H-^Pj, (4) 
Pi ^ pj iff Pi ^ pj, and (5) 
Pi Pj iff Pi (* Pj- (6) 

Note that pi v-^ pj implies j = i+\. Analogously, pi pj implies j = i + 1. Thus, (|4|) is true 
by definition of the sequences. 

For the other parts, it is straightforward to see that |pfc|-|pj| = |pfe|-|pj | for all < j < /c < to: 
for k = j the claim holds trivially. For the induction step from j to j + 1, the claim follows 
from the assumption that pj * pj+i if and only if pj * pj+i for all * e { r*} u {\-^: 6 e A}. 

Furthermore, assume that there is some tt such that pk <% < pk+i - Then it cannot be the 
case that pk Pk+i- This implies that p^ r* Pk+i- By definition, it follows that pk r* Pk+i- 
We conclude directly that |7r| > |pfc+i| > \pk\- Thus, 

P] ^ Pk iff 

\pj \ = \pk\ and |7r| > \pj\ for all pj < it < pk iff 

\pj \ = \pk\ and |7r| > \pj\ for all pj < n < pk iff 

Pj ^ Pk- 

Analogously, one obtains ([6]). 

We now show by induction that RA/(pm) = {pi ■■ <i < to}. Note that trivially 

RA/(p™) n {tt : Pm <Tr} = {p™} 

holds. Assume that there is some < mo < m such that 

RA;(p„) n {tt ■■ p„i„ < tt} = {pi ■■mo<i<m} and 

Pi € RAfe(p) iff Pi 6 RAfe(pm) for all fc < ^ and i>mo. 

We distinguish the following cases. 
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— If 

Pmo-i Pmo for some transition S then Pmo-i Pma due to (jH). Thus, there are no 
runs Pmo~i < TT < Pma - Heuce, we only have to show that Pma-i s RAfe(p„i) if and only if 

Pmo-l 

€ RAkipm) for ah fc < L 
If Pmo-i ^ R-Afe(pm), then there is some j > mo such that pj e RAfc_i(/9,„) and Pma-i is 
connected to pj via some edge. But then pj e RAfc_i(pm) and Pma-i is connected with 
Pj via the same sort of edge. Thus, Pma-i e RAfc(/5m). 
The other direction is completely analogous. 

— Otherwise, assume that there is some Pmo-i < tt < p,„o- Since its direct predecessor is 
not in RA;(p„j), pmg t RA;_i(p). Thus, ^ RAz_i(/5). By construction, /5™o_i r* Pmo- 
Thus, |7r| > \pmo\ for all Pmo-i < tt < p„iQ. This implies that tt ^ pi and it ij* pi for all 
mo <i <m. This shows that tt ^ RA;(/5m). 

We obtain that Pmo-i £ RAfe(pm) iff Pmo-i s RAfe(pm) for all A: < ^ analogously to the 
previous case. 

Up to now, we have shown that RA;(/5m) n {tt : po ^ ""I = {Pi : < i < m}. In order to prove 
RA;(/5„j) = {pi : < z < m}, we have to show that po is the minimal element of RA/(pm). 
There are the following cases 

(1) po = pop2(p,n). In this case, we conclude that po = pop2(pm) by construction. But 
Lemma [5.71 then implies that po is the minimal element of RA/(pm)- 

(2) IpoI = IpoI = 1. Note that po ^ RA;_i(pm) because po is minimal in RA/(p„j). Thus, we 
know that po ^ RA/_i(p„). 

Heading for a contradiction, assume that there is some tt e RA;(pm) with tt < po- 
We conclude that n ^ pk or n Pk for some pk e RA;_i(pm). But this implies that 
|7r| < IpoI = 1. Since there are no stacks of width 0, this is a contradiction. 
Thus, there is no tt e RA;(p„j) that is a proper prefix of po- 

We conclude that RA;(pm) = {pi - < i < m}. 

Let us turn to the second part of the lemma. Assume that top2(pi) =^2_i top2(pi) for all 
< i < m. Since pi and p^+i differ in at most one word, a straightforward induction shows 
that Pj ni~\po\+\pi\=n2-i Pt ('^f- Proposition [523) ■ But this implies pm ^1=^2-4; Pm because 
IpoI < \pi\ as we have seen in Lemma [5T71 □ 

The previous lemma gives us a sufficient condition for the equivalence of relevant ancestors 
of two elements. Now, we show how to construct such a chain of relevant ancestors. 

Lemma 6.7. Let l,ni,n2,m,z such that n2> 4:'' and z> 2. Let 

Pa < pi < ■ ' ■ < Pm = p be runs such that 
RA,(p) n {tt : po < TT < p} = {pj : < i < m}. 

Let Po be a run such that po ni=n2 Po '^'^'^ such that both runs end in the same state. Then 
we can effectively construct runs 

Po < Pl < ■ ■ ■ < Pm =■ P 

such that 

— the final states of pi and pi coincide for all < i < m, 

— pi t-* pi+i iff Pi t-^ pi+i and pi r* Pi+i iff Pi & Pi+i for allO<i<m, and 

— top2(pi) =^2_j top2(pi) for allO<i<m. 

Proof. Assume that we have constructed 

Po < Pl < • • • < Pmo , 

for some mg < m such that for all < i < mo 
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(1) the final states of pi and pi coincide, 

(2) Pi pi+i iff pi pi+i a nd pi Pi+i iff Pi Pi+i (note tfiat pi v- pi+i or pi r* Pi+i liold 
due to Proposition l5.12p . and 

(3) top2(p0 =l^_i p,. 

We extend this chain by a new element p'^^+i such that all these conditions are again 
satisfied. We distinguish two cases. 

First, assume that pm^ Pmo+i- Since p^o =n2-mo Pmo' topi(p„J = topi(/5„iJ. Due to 
Condition[TJ their final states also coincide. Hence, there is a Pma+i such that /5m„ i-'' Pmo+i- 
Due to Proposition [5211 Pma+i satisfies Condition ([3]). 

Now, consider the case pmo Pmo+i- The run from pmo to Pmo+i starts from some stack 
s and ends in some stack s : w for w some word, the first operation is a clone and then s is 
never reached again. Hence, we can use Proposition 15 . 27l in order to find some appropriate 
/5„io+i that satisfies Condition □ 

The previous lemmas give us the possibility to construct an isomorphic copy of the rel- 
evant ancestors of a single run p. In our proofs, we want to construct such a copy while 
avoiding relevant ancestors of certain other runs. Using the full power of Proposition 15.271 
we obtain the following stronger version of the lemma. 

Corollary 6.8. Let /,ni,n2,m,z e N 6e numbers such that z> m-A^ and 112 > 4'. 
Let p and p' be m-tuples such that p n^=n^ p' and ipi is an isomorphism witnessing this 
equivalence. Furthermore, let po < pi < ■ ■ ■ < be runs such that for each i < m we have 
Pi I- Pi+i or Pi r* Pi+i- 

If Po s R-A;(p), and if pi i KAi(p) then we can construct po ■= ^i{po) < pi < P2 < ■ ■ ■ < Pm 
satisfying the conditions from the previous lemma but additionally with the property that 
PiiRki{p'). 

Proof. We distinguish two cases. 

(1) Assume that pq\- pi. Due to the equivalence of po and po, we can apply the transition 
connecting po with pi to po ^nd obtain a run pi. We have to prove that pi i RAi(p'). 
Heading for a contradiction assume that pi e RA;(p'). Then (pj^ preserves the edge 
between po and pi, i.e., po = (pJ^{po) \- (pj^{pi). But this implies that LpJ^{pi) = pi 
which contradicts the assumption that pi i RA;(p). 

(2) Assume that po r* pi. Up to threshold z, for each tt such that po tt and tt e RAi(p') 
there is a run po r* (pJ^{Tr). Since pi ^ RA;(p), we find another run pi that satisfies 
the conditions of the previous lemma and pi ^ RA;(p'). This is due to the fact that 
Proposition 15.271 allows us to transfer up to z > |RAi(p')| many runs simultaneously. □ 

6.2. Construction of Small Equivalent Stacks 

In this section, we prove that Duplicator has a strategy that preserves the isomorphism type 
of the relevant ancestors while choosing runs whose relevant ancestors end in small stacks. 
Later, we show how to bound the length of such runs. 

The analysis of this strategy decomposes into the local and the global case. We say Spoiler 
makes a local move if he chooses a new element such that one of its relevant ancestors is an 
relevant ancestor of the elements chosen so far. We say Spoiler makes a global move if he 
chooses an element such that its set of relevant ancestors does not intersect with the set of 
relevant ancestors of the elements chosen so far. 

We first head for the result that Duplicator can manage the local case in such a way that 
he chooses an element such that all its relevant ancestors end in small stacks. Then we show 
that Duplicator can manage the global case analogously. 



A:34 



Alexander Kartzow 



Lemma 6.9. Let n, z, I', 'n[,n'2 be numbers such that z >2, n[ > 0, n'2> 0, I ■= 4/' + 5, 
z> n- 4', ni ■■= n[ + 2{l' + 1) + 1, and n2 := n'2 + 4''+^ + 1. 

Let p,p' be n-tuples of runs such that p^ni-n^ P' ^'^'^ such that hgt(7r) < z, ni, 712) 
and \'k\ < rj{n,z,l,ni,n2) for all n e RA;(p'). Furthermore, let p be some run such that 
RAi/+i(/9) nRAi/+i(p) + 0. Then there is some run p' such that 

hgt(p')^C(^i+l,2,'',<,"2): |p'|<»y(n + l,2;,r,n'i,n^), and (p, p) J^, e^, (p', p'). 

Proof. Let (pi •■ 'l>li,ni,n2.z{p) - ^i,ni,n2,z{p') denote the isomorphism that witnesses 
Pni-n2 P' ■ Let po s RA;'+i(p) be maximal such that 

RAi,+i(p) n {tt : TT < po} £ RA4;'+3(p) £ RA,(p). 
There are numbers mp < < m\ and runs 

Prna < Pmo + 1 < ■ ■ ■ < Pq < Pi < ■ ■ ■ < Pmi 

such that RAi/+i(p) = {pi : mo < i < mi}. We set p'^ := ^pi{pi) for ah mg < i < 0. Note that 
hgt(/9o) < C{n,z,l,ni,n2) and |po| < T]{n, z,l,ni,n2). 

Next, we construct p'l,. ■ ■ such that p' ■= has relevant ancestors isomorphic to 
those of p. We first define p'^ such that 

(1) the final state of p'l and pi coincide, 

(2) topaCp'i) top2(pi), 

(3) p'^^' p\ iffpoH^Pi, 

(4) Po P'l iff Po 

(5) p'l ^RA4i'+3(p'), and 

(6) hgt(p;) < 7(n-44''+3,hgt(/9[,),n2 - l,z) < (cf. Definition ES]). 

If po i"*^ Pi I this construction is trivial. Note that there is an element pp h"* p'^ and 
p'j ^ RA4i'+3(p') (otherwise, pi = ipj^{pi) € RA4i'+3(p') contradicting the maximality of 
po). If po r* pi, we just apply Proposition 15.271 

Now, we continue constructing p'2^. . . ^ =: p' such that 

(1) the final states of pi and p\ coincide for all 2 < i < mi, 

(2) top2(pOE^^_^top2(pO, 

(3) for ah 2 < i < mi, p- p\^^ if pi pi+i; in this case hgt(p^+i) < hgt(p^) + 1^ 

(4) for all < i < mi, r* p^+i if Pi (* Pi+i; in this case the use of Proposition 15.271 ensures 
that hgt(p^^i) < 7;?;^^(l,hgt(pO>'^2 - hz) 

By definition, it is clear that conditions 1-3 hold also for all mo < « < 0. Using Lemma 
16.61 we obtain that p lJ'^=^r p' ■ A simple induction shows that hgt(p^) < whence 

hgt(p') < C{n + l,z,l',n[,n'2). Furthermore, due to Lemma lOl |p.| - |po| < 2{l' + 1) whence 
\p[\<\p'o\ + 2il' + l)<v{n+l,z,l\n[,n'2). 

We still have to show that the isomorphism between KAi{p) and RAi(p') and the iso- 
morphism between RAi/(p) and RA;/((o') are compatible in the sense that they induce an 
isomorphism between KAi'{p,p) and KAi'{p',p'). The only possible candidate is 

^i,:RAi,{p,p) ^RAi,{p',p') 

{p' for TT = Pi, mo <i<mi 

ipiin) for TT 6 RAi'+i(p). 

In order to see that this is a well-defined function, we have to show that if pi e RA;'+i(p) 
then p'^ = fi{pi) for each mo < i < mi. Note that pi 6 RA;/+i(p) n RA;'+i(/9) implies that 
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TT € RA3;/+3(p) for all tt e RA;'+i(p) with tt < pi (cf. Corollary 15. lip . But then by definition 
i < and p- = ipi{pi). 

We claim that ipc is an isomorphism. Since we composed ipi' of existing isomorphisms 
RA;/(p) ~ RA;/(p') and RA;/(p) ~ RA;/(p'), respectively, we only have to consider the 
following question: let tt e RA/'(p) and tt e RA;/(p); does ipi' preserve edges between tt and 
TT and does ipj} preserve edges between the images of tt and tt? In other words, we have to 
show that for each 

X- 6 r", ^ } u {^-^•. 6 e A}u {-t^: S e A}, we have tt x- tt iff (Pi'{tt) * ipi'{%). 

The following case distinction treats all these cases. 

— Assume that there is some * e r*} u {i-'': 5 e A} such that tt * tt. Then tt e RA;/+i(p). 
Thus, there are toq < i < j < mi such that tt = pi and n = pj. We have already seen that 
then (Pi'{tt) = p\ and = p'^ and these elements are connected by an edge of the same 
type due to the construction of p,^ and p'y 

— Assume that there is some * e {i^, } u {n'^: 8 e A} such that tt * tt. Then tt e RA/'+i(p) 
whence (pc coincides with the isomorphism ipi on tt and tt. But ipi preserves edges whence 
TT * TT implies (/?;'(7r) * ipi'{tt). 

— Assume that there is some * e {^, r*}u{i-'': (5 e A} such that lpi'{tt)*lpi'{tt). By definition, 
^Pi'{tt) € RA;/(p') whence ipi'{tt) = p'j for some toq < J < rn\. Thus, ^v(tt^ e RA/'+i(p') 
whence (Pi'{tt) = p- for some toq <i < j- We claim that tt = pi. Note that due to Corollary 
15.111 for all Too < k < i we have pj. € RA3/'+3((^/'(7r)). Since <fi'{TT) = <pi(7r) € RAi'(p'), 
we conclude that pj, 6 RA4/'+3(p') for all toq < k <i. By construction, this implies i < 
and f>i'{TT) = p'i = ipi{pi). Furthermore, since tt 6 RA//(p), (^('(tt) = <^;(7r). Since ipi is an 
isomorphism, it follows that tt = p^. But this implies that there is an edge from tt = pi to 

TT = Pj. 

— Assume that there is some * e j*^, }u{h'': 5 e A} such that (^('(tt) *lpii{tt). This implies 

(^p(7r)6RAz,+i(p')nRA,,+i(p). (7) 

By definition, tt = pj and '^i'{tt) = p'^ for some toq < j < toi. Due to ([7]), p.- e RA4/'+3(p') 
for all mQ<i< j. Since p[ i RA4//+3(p'), j < 0. Thus, p^- e RA4;/+3(p) and (pz'(7r) = ipi{7T). 
Since v?; preserves the relevant ancestors of p level by level, we obtain that tt € RA;'+i(p). 
Since tt e RA;/+i(p), we obtain that ^pv{tt) = fi{TT) and (^/'(tt) = lpi{tt). Since Lpi is an 
isomorphism, we conclude that tt * tt 

Thus, we have shown that 03/' is an isomorphism witnessing p, p i» p' tP' ■ □ 

The previous lemma shows that Duplicator can respond to local moves in such a way 
that she preserves isomorphisms of relevant ancestors while choosing small stacks. In the 
following we deal with global moves of Spoiler. We present a strategy for Duplicator that 
answers a global move by choosing a run with the following property. Duplicator chooses a 
run such that the isomorphism of relevant ancestors is preserved and such that all relevant 
ancestors of Duplicator's choice end in small stacks. We split this proof into two lemmas. 
First, we address the problem that Spoiler may choose an element far away from p but close 
to p'. In this situation, Duplicator has to find a run that has isomorphic relevant ancestors 
and which is far away from p'. Afterwards, we show that Duplicator can even choose such 
an element whose relevant ancestors all end in small stacks. 

Lemma 6.10. Let n,l\n[,n'2eN be numbers. We set I := Al' + 5, ni := n[ + 2{l' + 1) + 1, 
and 71-2 := + 4' + 1. Let z e N satisfy z> n- and z>2. 

Let p and p' be n-tuples of runs such that pjj^s^^ p'. Furthermore, let p be a run such 
t/iat RA;'+i(p) n RA;'+i(p) = 0. Then there is some run p' such that j5, p';^, p',p'. 
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Proof. Let Lpi be the isomorphism witnessing RA;(p) RAi(p'). If RA;'+i(p') n 

RAi'+i(/9) = 0, we can set p' := p and we are done. Otherwise, let ttq < tt^ < ••• < 7r°^ 
be an enumeration of all elements of RAi/+i(p') n RA;/+i(/9). Due to Corollary I5.14[ 
RA;'+i(/9) n {tt : vr < 7r°^J g RA3;'+3(p'). Since / > 3^' + 3, we can set tx] := ipj^in^) for all < 

i < no- Due to Lemmas [6?7] and EH there is an extension tt^^ < such that RAi'+i(p) 'j/^^=^/ 

RAi/+i(/9^) andTT,^ e RA;/+i(/9^) for allO < i < uq. If RA;/+i(p^)nRA;/+i(p') = we set p' := p^ 
and we are done. 

Otherwise we can repeat this process, defining := ipJ^iT^i) for the maximal ni < uq such 
that tt} € RA3i'+3(p') for all < i < no. Then we extend this run to some run p"^. If this process 
terminates with the construction of some run p^ such that RAif+i{p^) nRA;'+i(yo') = 0, we 
set p' := and we are done. If this is not the case, recall that RA3i/+3(p') is finite. Thus, 
we eventually reach the step were we have defined ttq , ttq , . . . , tt™ for some to e N such that 
for the first time tt™ = ttq for some i < ra. But if i > 0, then 

^0 = VAt^o ) = <y5i(7^o) = ■ 

This contradicts the minimality of m. We conclude that vr™ = ttq which implies that 
ttq 6 RA3;/+3(p). Furthermore, by definition we have ttq e RA;'+i(/9) and there is a maximal 
i such that 7r° e RA3i/+3(p). Since z > |RA;(p)|, we can apply Corollary 16.81 and construct a 
chain ipi{Tr°) < p\^^ < p\^^ <■■■< p' such that p, p e^, p', p' . □ 

We have seen that that Duplicator can answer every global challenge of Spoiler. But we 
still need to prove that she can choose an element whose relevant ancestors all end in small 
stacks. The use of the pumping construction from Lemma 15.251 allows to prove this fact. 

Lemma 6.11. Let nj',n[,n2,z e N, let I := Al' + 5, ni := n[ + 2{l' + 1) + 1, and let 
712 •= f^2+4' ^^ + 1. Furthermore, let p be an n-tuple of runs such i/iai hgt(7r) < z, ni, ri2) 
and \k\ < ri(n, 2, /, rii, 71-2) for all tt e RA/(p). If p is a run such that RA/»+i(p)nRA/»+i(p) = 0, 
then there is some run p' such that 

hgt(7r) < C(n + 1, z, Z', n']^, 712), and 
\7t\ < ri{n+l,z,l',n[,n2) 

for all TT € RA;'(p, p'). 

Proof. Let po < pi < ■ ■ ■ < pm ■= p he runs such that RA;'+i(p) = {pi ■■ < i < m}. 

Let Too > -n[ be minimal such that there are runs pmo < Pmo+i < ••• < Po such that for 
each Too < i < we have pi r* Pi+i or pi pi+i for some clone2 transition S. Due to the 
construction, either too = I - n'l or \pq \ < n[. 

We construct runs p'^^ < p'j^^+i < p'm ending in small stacks such that ^, pm as 

follows. If hgt(p™J < C(n, z,^,nl,?^2) and \pmo\ < r]{n, z, I, rii, 712), then we set p'^^ := pmg- 
Otherwise, Lemma 15.251 provides a run such that 

hgt(p:„J < Hf'' := C{n, z, l,ni,n2) + Bhgt + a(n^ + n[ + - 1) 
\p'mo\ <v{n,z,l,ni,n2) + (3{Hf°^), 

either hgt(p^J > C(n, z, /, rii, 712) or |p^J > r]{n, z,l,ni,n2), and 

_2 I 

Pmo l-„^+,i'^+4''+i-l Pmo- 

The last condition just says that top2(p„iJ =^^+„,^+4i'_i top2(p;,jJ. 
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Having constructed p[ for i < m, we construct p^^^ as foUows. 

(1) If hgt(pj) < (^(n, z,l,ni,n2) and \pj\ < ry(n, z, /, rii, 712) for all niQ < j < i + 1, set 
P[+1 ■■= Pi+i- 

(2) Otherwise, if pi pi+i then define such that p- 1-'' p[_^_^. 

(3) If none of the previous cases applies, then pi Pi+i and using Proposition 15.271 we 
construct p[_^-^ such that 

(a) p'i r*p-+i, 

(b) hgt(p-+i) <7(l,max{hgt(pJ),C(n,z,Z,ni,n2)},n2 + n; - (j + 1 - mo)), 

(c) hgt(p-_|_i) > (^{n,z,l,ni,n2) if hgt(pj) < (^{n, z,l,ni,n2) for all mo < j < i and if 
Ip^ I < ri{n, z,l,ni,n2) for all mo < < i + 1, and 

(d) t0p2(p^+l) =:,^„,^4''+i-(.+ l-™o)-l tOP2(P^+l)- 

First of all, note that n'2 + n'^ + 4' - (0 - mo) - 1 > + 4' whence po n;=^/ +4!'+! Po- Since 
m < 4' and since |p^| > |po| for all < j < m, we conclude that pj n[=n' Pj all < j < m. 
Using Lemma 15^ we see that p' 1'!'^=^, p. 

Furthermore, RA;/+i(p') nRA;'+i(p) = 0: heading for a contradiction, assume that 

p-6RA,.+i(p')nRAi-+i(p) 

for some < i < m. Then p^ € RA3i'+3(p) g RAi(p) for all < j < i. Thus, 
hgt(p^ ) < z,l,ni,n2) and |p^| < ry(n, z, /, rii, 712) for all < j < i. By construction, it 
follows that p'j = Pj for all mg < i < j. But then pj = p'j e RA;'+i(p) n RA;'+i(p) which 
contradicts RA;'+i(p) n RA;'+i(p) = 0. 

Thus, RA;/(p) and RA;'(p') do not touch whence p,pln=n2 P->P' ■ n 

6.3. Construction of Short Equivalent Runs 

Combining the results of the previous section, we obtain that for each n-tuple in NPT(5) 
there is an FOfc-equivalent one such that the relevant ancestors of the second tuple only 
contain runs that end in small stacks. In order to prove Proposition 16. 5[ we still have to 
bound the length of these runs. For this purpose, we use Corollaries 14. 171 and 14. 181 in order 
to replace long runs between relevant ancestors by shorter ones. 

Proof of Proposition 16.51 Using the Lemmas lOl - 16. Ill we find some candidate p' 
such that p, p Jj, s^, p',p' and the height and width of the last stacks of all tt e RA;'+i(p') 

are bounded by C(n + 1, z, Z', n'j^, 7^2) and r\{n + 1, z, n'j^, rij), respectively. 

Recall that there is a chain p'q< p'^< ■■■ < p'^ = p' such that RA;'+i(p') = {p- : < i < m}. 

This chain satisfies < m < 4^' and p- i-"^ p-^^ or p- r* p-+i for aU < i < m. 

If Pq i RA3;/+3(p'), then we can use CoroUarv 14.171 and choose some Po that ends in the 
same configuration as pg such that po ^ RA3i/+3(p') and 

len(po) < l+2-C(n + l,z,/',7i'i,7i2) •?7("'+ l,2:^'i"''i,"'2)) 
■(l+LLf(C(n+l,z,Z',n;,n^))). 

If Po 6 RA3/'+3(p') let < i < m be maximal such that p^ e RA;(p'). In this case let p'j := p'j 
for all < j < i. 

By now, we have obtained a chain p'q < p'l < ■ ■ ■ < p'i for some < z < m. Using Corollary 
14.181 we can extend this chain to a chain {p^ :Q < i < m} such that 

(1) p-(len(p-)) = p-(len(p-)), i.e., p.- and p- end in the same configuration, 

(2) p^ p'^^^ iff p^ H-* p^^i for aU < i < m, 

(3) p[ r* P-+1 iff p^ p',^^ for aU < i < m. 
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(4) \en{pl,) < lcn(pO + 2 • C(n + 1, z, Z', n'l, n^) • {1 +LL^ {({n + 1, zj' ,n[,n'^))), and 

(5) p'j 6 RA3i'+3(p') for all < j < i implies p- = p'^ (here we use that z>n- 4^'-'+^). 

Using Lemma 16. 6[ we conclude that p' '/^=Ji< p' for p' := pj^^. Furthermore, we 

claim that RA;'+i(p') nRA/'+i(p') = RA;/+i(p') nRAi/+i(p'). By definition the inclusion 
from left to right is clear. For the other direction, assume that there is some element 
p- 6 RA;'+i(p') n RA/'+i(p'). By Lemma FS.lll this implies that pj e RA3;'+3(p') for all 
0<j<i. Thus, p- = p-, which implies that p- e RA/'+i(p') n RA;/+i(p'). 

We conclude that p, p ^/ p',p' ^'-n' P'^P'- By definition, the length of p' is bounded 
by 6{n + 1, z, I' ,n[,n'2) fcf. Definition 1^751) . □ 

7. FO MODEL CHECKING ALGORITHM FOR LEVEL 2 NESTED PUSHDOWN TREES 

Fix a 2-PS J\f and set m := NPT(A/'). We have shown that ii m t= 3xip{x) then there is a 
small run p such, tlicit N (p(^p^. Even when we cidd parctmeters pi, ■ • • •> Pn 

this result still 

holds, i.e., there is a short witness p compared to the length of the parameters. Hence, we 
can decide FO on 2-NPT with the following algorithm. 

(1) Given a 2-PS Af and a first-order sentence ip, the algorithm first computes the quantifier 
rank q of (p. 

(2) Then it computes numbers z, 1^,1^, P , . . . ,1"^ ,n\,nl,nf . . . , nf, 11,2, 112,122, . . . , ri| € N such 
that for each i < q the numbers z, f, ,n\,n\*'^ ,122, 11^2^ can be used as parameters in 
Proposition 16.51 

(3) These numbers define a constraint S - {S'^{i))i<q for Duplicator's strategy in the q- 
round game on Vt and Dl as follows. We set (pi, p2, • . • , Pm) £ 'S'^ if for each i < m and 
TT € RAi,(p^) 

len(7r) < 9{i,z,V ,n\,n\), 
hgt(7r) < C(«,z,r,<,n^), and 
|7r| < ri{i,z,l\n\,n\). 

(4) Due to Proposition 16.51 Duplicator has an S'-preserving strategy in the q- round game 
on 91 and 91. Thus, applying the algorithm SModelCheck (cf. Algorithm [1] in Section 
12.11) decides whether tp. 

7.1. Complexity of the Algorithm 

At the moment, we do not know any bound on the complexity of the algorithm presented. 
The problem towards giving a complexity bound on our algorithm is that the function LL^ 
bounding the size of the shortest z loops of each stack depends nonuniformly on the 2-PS 
M ■ For a fixed 2-PS N we can compute this dependence, but we have no general bound 
on the result in terms of A possible approach to concrete bounds on LL^ may be 
the application of Pumping lemmas for 2-PS (cf. [Hayashi 1973[[Parys 201 Fb] ). But further 
investigations on this question are necessary. 

If we restrict our attention to the case of 1-NPT the picture changes notably. The FO 
model checking problem on 1-NPT can be solved by an 2-EXPTIME alternating Turing 
machine, i.e., FO model checking on 1-NPT is in ATIME(exp2). We already proved this 
bound in [Kartzow 2009) using a different approach. In the final part of this section, we 
sketch how this result also follows from the approach in this paper. Recall the character- 
isation of in the 1-NPT case from Remark 15.21 We have p r* p o tt if tt performs a push 
transition followed by level 1-loop (i.e., a run that starts and ends in the same stack and 
never inspects this stack). Furthermore, for p„ the minimal element of RA„(p) we have 
Pn = pop"(p). Furthermore, successive elements of RA„(p) are connected by a single edge 
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or by (*. Thus, the final stacks of two successive relevant ancestors differ in at most one 
letter. The following lemma tells us that the number of r* edges starting at some element 
p only depends on the state of p and the symbol on top of the stack. 

Lemma 7.1. LetJ\f he a l-PS. Let q,q e Q, w, w' e S* and a e S. Then there is a bijection 
between the runs from {q,wa) to {q,wa) that never visit w and the runs from {q,w'a) to 
{q,w'a) that never visit w' . 

Proof. The bijection is given by the stack replacement [wjw'^ (cf. Lemma r4.8p . □ 

Using the previous observation, it is straightforward to prove the following lemma. 

Lemma 7.2. Let J\f be a l-PS and let q,q e Q, w e S* and a e S. The set 

{p : p(0) = {q, wa), p{\eii{p)) = {q' , wa), and p{i) + w for all < i < len(p)} 

is a context-free language accepted by some l-PS of size linear in \J\f\. Furthermore, the set 
of runs from the initial configuration to {q,w) of J\f forms a context-free language that is 
accepted by some l-PS of size linear in \N'\. 

Using the pumping lemma for context free-languages |Bar-Hillel et al. 1961) , we derive 
the following bound on short elements of context-free languages. 

Lemma 7.3. There is a fixed polynomial p such that the following holds. Let L be some 
context-free language that is accepted by a l-PS J\f. If L contains k elements, then there are 
pairwise distinct words wi,W2, ■ ■ ■ ,Wk ^ L such that length \wi\ is bounded by fc • exp(p(|A^|)) 
for all 1 < i < k. 

These observations imply that it is rather easy to construct runs with similar relevant 
ancestors in a 1-NPT. In the following, we define a simpler notion of equivalent relevant 
ancestors in the 1-NPT case that replaces the one for 2-NPT in Definition 16.11 

Definition 7.4. Let Af be some l-PS generating ^ := NPT(7V). Let p ■= pi, p2, . . . , pn and 
p' := p'l, p'2, ■ ■ ■ ,p'n be elements of We define p p' if there is a bijection ip : RA;(jo) 
RAi(p') such that the following holds: 

(1) For aU I' < I and tt e RA/'(pi), we have (^(tt) e RA;/(p-). 

(2) (fi preserves i-'^-, ^- and r*-edges. 

(3) (p preserves states and topmost stack elements, i.e., for tt e RA/(p) such that tt ends in 
configuration {q,wa), then (^(tt) ends in {q,w'a) for some word w' . 

Using corresponding constructions as in the proof of proposition 16.51 we can prove that 
Duplicator has a winning strategy that only uses elements of doubly exponential size. 

Proposition 7.5. There is a polynomial p such that the following holds: Let Af be a 
l-PS generating the NPT ^ := NPT(A/'). Let I', C eN, and I := Al' + 5. Furthermore, let p 
and p' be n-tuples of runs o/9T such that p p' , and len(7r) < C for all tt € KAi(p'), 

For each p e ^ there is some p' eTl such that 

p, p Rii' p , p and \cn{n) < C + 4'' • n • 4' exp(p(|A^|)) for all tt e RAi,{p, p). 

Proof. As in the 2-NPT case, we distinguish a local and a global case. Let tp witness 
that p p' . 

— If RA;'(/3) n RA;(p) + let po be maximal in this set. We define p'^ := tpi^po). There are 
runs po < pi < P2 < ■ ■ ■ < Prn which form the set RA;/(p) n{TT : pQ < tt}. We now inductively 
construct p'o < Pi < P2 ^ ■■■ < p'm such that p' := p'^^ satisfies the claim. Therefore, we copy 
the edge connecting pi with pi+i. If pi r* Pi+i we can construct a run p[^^ ^ RA;(p) such 
that p'^ Pi+i. Using Lemmas 17.21 and 17.31 we can ensure that p[^^ = p[ott with len(7r) 
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bounded by n • 4' • exp{p{\Af\)) . Since m < 4' the claim follows by iterative use of this 
observation. 

— If RA;'(p) nRA;(p) = 0, we proceed analogously to Lemma [6. 101 Let po be the minimal 
element of RAii{p). Let q be its final state and a be its final topmost stack entry. Let m 
be the number of occurrences of elements in RAi(p) that end in state q and with final 
topmost symbol a. Due to p', m is also the number of elements in RA;(p') that end 
in state q and with final topmost symbol a. Due to Lemmas 17.21 and 17.31 there are m + 1 
elements of size at most n-4' •exp(p(|A/'|)) that end in state q and end with topmost stack 
entry a. By pigeonhole principle, we can set p'q to be one of these such that pg i RA/(p'). 
Now, we proceed as in the local case. Let po < pi < P2 < ■ ■ ■ < Pk be the enumeration of 
RA;'(p). We define runs p'o < p'l < p'2 < • ■ • < p'k such that pi is connected to pi+i via the 
same edge as p[ to p[^^. Due to Lemmas 17.21 and 17. 3[ pi+i can be chosen such that the 
run connecting p'^ with p^^j^ is bounded by rt • 4' ■ exp{p{\Af\)) . Since fc < 4' we conclude 
that p' := p',. has length at most 4'' • n • 4' • exp(p(|7V|)). □ 

Corollary 7.6. FO model checking on 1-NPT can be solved by an alternating Turing 
machine in 2-EXPTIME with linearly many alternations in the size of the formula. 

Proof. Let (p e FOr and Af some 1-PS. Iterated use of the previous lemmas shows 
that Duplicator has a winning strategy in the r round game on NPT(A/') and NPT(jV) 
where he chooses elements of size bounded by r-exp(exp(g(r))) •exp(p(|yy/'|)) for some fixed 
polynomials p and q. □ 

8. CONCLUSION 

In this paper we extended the notion of a nested pushdown tree and developed the hierarchy 
of higher-order nested pushdown trees. These are higher-order pushdown trees enriched by 
a jump relation that makes corresponding push and pop operations (of the highest level) 
visible. This new hierarchy is an intermediate step between the hierarchy of pushdown trees 
and the hierarchy of collapsible pushdown graphs in the sense that it contains expansions 
of higher-order pushdown trees and its n-th level is uniformly first-order interpretable in 
the class of collapsible pushdown graphs of level n+ 1. We hope that further study of this 
hierarchy helps to clarify the relationship between the hierarchies defined by higher-order 
pushdown systems and by collapsible pushdown systems. We have shown the decidability of 
the first-order model checking on the first two levels of the nested pushdown tree hierarchy 
(this contrasts the vmdccidability of first-order logic on the class of all level 3 collapsible 
pushdown graphs Broad bent 2010] ). The algorithm is obtained from the analysis of restric- 
ted strategies in Ehrenfeucht-Frai'sse games on nested pushdown trees of level 2. The game 
analysis gets tractable due to the theory of relevant ancestors in combination with shrink- 
ing constructions for level 2 pushdown systems. It is open whether this approach extends 
to higher- levels. The theory of relevant ancestors generalises to all levels of the hierarchy 
and provides an understanding of the Ehrenfeucht-Frai'sse games. Unfortunately, we do not 
have any kind of shrinking constructions for pushdown systems of level 3 or higher. The 
development of such shrinking construction may yield the necessary bridge between the 
theory of relevant ancestors of n-NPT and the dynamic-small-witness property needed for 
the development of a model checking algorithm. Furthermore, better shrinking construction 
may imply elementary complexity bounds for the FO model checking on 2-NPT. Another 
open question concerns the modal /x-calculus model checking on this new hierarchy. Note 
that the interpretation of n-NPT in collapsible pushdown graphs of level n + 1 is almost 
modal but for the reversal of the jump edges in comparison to the collapse edges used for 
their simulation. We conjecture that modal /i-calculus is decidable on the whole hierarchy 
of nested pushdown trees. Moreover, it is open how the nested pushdown tree hierarchy 
relates exactly to the (collapsible) higher-order pushdown hierarchies. We conjecture that 
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the relationships obtained in this paper are optimal but we lack proofs. For instance, it 
is open whether n-NPT can be interpreted in level n collapsible pushdown graphs or vice 
versa (we conjecture the answer is no). 
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